Date Published: December 2005
Withdrawn: August 22, 2016
Superseded By: SP 800-175A (August 2016); SP 800-175B (August 2016)
Supersedes: SP 800-21 (November 1999)
Author(s)
Elaine Barker (NIST), William Barker (NIST), Annabelle Lee (NIST)
This Second Edition of NIST Special Publication (SP) 800-21, updates and replaces the November 1999 edition of Guideline for Implementing Cryptography in the Federal Government. Many of the references and cryptographic techniques contained in the first edition of NIST SP 800-21 have been amended, rescinded, or superseded since its publication. The current publication offers new tools and techniques. NIST SP 800-21 is intended to provide a structured, yet flexible set of guidelines for selecting, specifying, employing, and evaluating cryptographic protection mechanisms in Federal information systems?and thus, makes a significant contribution toward satisfying the security requirements of the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. The current publication also reflects the elimination of the waiver process by the Federal Information Security Management Act (FISMA) of 2002. SP 800-21 includes background information, describes the advantages of using cryptography; defines the role and use of standards and describes standards organizations that are outside the Federal government; describes the methods that are available for symmetric and asymmetric key cryptography; describes implementation issues (e.g., key management); discusses assessments, including the Cryptographic Module Validation Program (CMVP), the Common Criteria (CC), and Certification and Accreditation (C&A); and describes the process of choosing the types of cryptography to be used and selecting a cryptographic method or methods to fulfill a specific requirement.
This Second Edition of NIST Special Publication (SP) 800-21, updates and replaces the November 1999 edition of Guideline for Implementing Cryptography in the Federal Government. Many of the references and cryptographic techniques contained in the first edition of NIST SP 800-21 have been amended,...
See full abstract
This Second Edition of NIST Special Publication (SP) 800-21, updates and replaces the November 1999 edition of Guideline for Implementing Cryptography in the Federal Government. Many of the references and cryptographic techniques contained in the first edition of NIST SP 800-21 have been amended, rescinded, or superseded since its publication. The current publication offers new tools and techniques. NIST SP 800-21 is intended to provide a structured, yet flexible set of guidelines for selecting, specifying, employing, and evaluating cryptographic protection mechanisms in Federal information systems?and thus, makes a significant contribution toward satisfying the security requirements of the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. The current publication also reflects the elimination of the waiver process by the Federal Information Security Management Act (FISMA) of 2002. SP 800-21 includes background information, describes the advantages of using cryptography; defines the role and use of standards and describes standards organizations that are outside the Federal government; describes the methods that are available for symmetric and asymmetric key cryptography; describes implementation issues (e.g., key management); discusses assessments, including the Cryptographic Module Validation Program (CMVP), the Common Criteria (CC), and Certification and Accreditation (C&A); and describes the process of choosing the types of cryptography to be used and selecting a cryptographic method or methods to fulfill a specific requirement.
Hide full abstract
Keywords
cryptographic algorithm; cryptographic hash function; cryptographic key; cryptographic module; digital signature; key establishment; key management; message authentication code
Control Families
Contingency Planning;
Incident Response;
Planning;
System and Communications Protection;
System and Services Acquisition;