Try the new CSRC.nist.gov and let us know what you think!
(Note: Beta site content may not be complete.)

View the beta site
NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage

NIST Solicits Comments on its Cryptographic Standards Development Process

Update- January 23, 2015: A revised second draft is now available . This page is still available for archival purposes.

Summary:
NIST requests comments on FIRST Draft NIST Interagency Report 7977, NIST Cryptographic Standards and Guidelines Development Process. This document describes the principles, processes and procedures behind our cryptographic standards development efforts. Please send questions to crypto-review@nist.gov. (Jan. 23, 2015 note: comment period for the FIRST draft has been closed - A SECOND Draft has been released)


Background:

In November 2013, NIST initiated a review of its cryptographic standards development process in response to public concerns about the security of NIST cryptographic standards and guidelines.

To enable this review, we have compiled information about the principles, processes and procedures that drive our cryptographic standards development efforts to help the public understand how we develop our standards. This information is being published in draft NIST IR 7977, NIST Cryptographic Standards and Guidelines Development Process. We are soliciting public comments on this draft NIST IR to obtain feedback on the mechanisms we use to engage experts in industry, academia and government to develop these standards.

We will review all public comments, post them on the CSRC website, and publish a revised NIST IR based on the feedback we receive. This revised publication will serve as basis for our future standards development efforts.

The revised NIST IR 7977 will also serve as the basis for a review of our existing body of cryptographic work. We will examine the procedures used to develop each of our cryptographic standards or guidelines to ensure they were developed in accordance with the principles outlined in NIST IR 7977. If any current guidance does not meet the high standards set out in this process, we will address these issues as quickly as possible, taking into consideration the process used to develop the guidance and a technical review of the affected cryptographic algorithms or schemes.

Note to Reviewers:
As part of your review of NIST IR 7977, we request comments on the following topics:

  • Are there other principles that we should use to drive our standards development efforts?
  • What are the most effective processes identified in the draft for engaging the cryptographic community for providing the necessary inclusivity and transparency to develop strong, trustworthy standards? Are there other processes we should consider?
  • Do these processes include appropriate mechanisms to ensure proposed standards are thoroughly reviewed and interested parties’ views are heard? Are there other mechanisms that should be included in our process?
  • What are other communication channels that NIST should consider to effectively communicate with its stakeholders?

Back to Top of Page