NIST cryptography standards (Federal Information Processing Standards, or “FIPS”) and other publications (typically specified in the Special Publication (SP) 800 series) are intended to protect non-national security federal information and information systems. Outside the Federal Government, these publications are voluntarily relied upon across many sectors to promote economic development and protect sensitive personal and corporate information.
Cryptography standards and other publications must be reviewed and maintained regularly because of rapid technological advances, the specific applications and assets for which these publications are used, the threat environment, and the tolerance for risk by a particular sector or organization. NIST is committed to the periodic review and maintenance of these publications.
Maintenance can include updating or withdrawing the publication. When each cryptography standard or other publication is released, the Crypto Publication Review Board ("the Board") identifies when the document will be subject to a review of its relevance and for possible updating. The current goal is to review each publication at least every five years, or more frequently if issues arise.
Below is a description of NIST’s planned approach for reviewing cryptography standards and other publications.
The Board initiates a public comment period for reviewing a publication or a set of publications.
NIST conducts an internal review of the publications and considers public comments received.
The Board announces a proposed decision (e.g., reaffirm, revise, withdraw, etc.) for the publication, prepares a summary of the internal analysis, and initiates a second public comment period.
NIST considers the public comments received on the proposed decision and determines whether to proceed with the proposed decision.
NIST announces the final decision and takes appropriate steps to execute the decision. See additional information about the possible decisions.