Editor’s Note: To read about the Center for Regulatory Effectiveness’s work enhancing federal cyber security transparency, see the Internet Architecture Board’s (IAB) comments to NIST in the matter of the NIST Special Publication 800-90A (Recommendation for Random Number Generation Using Deterministic Random Bit Generators) review proceeding here and CRE’s comments on NIST Special Publication 800-137 Information Security Continuous Monitoring for Federal Information Systems and Organizations here.
Feedback Sought on Development Process
By Eric Chabrow
Because of concerns about possible National Security Agency meddling with its cryptographic standards, the National Institute of Standards and Technology has issued a draft report proposing revisions in how it develops cryptographic standards.
In November, NIST suspended one of its special publications regarding cryptographic standards after reports surfaced that the NSA may have corrupted NIST cryptography guidance dealing with generation of random bits (see NIST to Review Crypto Guidance Methods).
Now, NIST is seeking public comment on a draft document that describes a new method for how the agency develops those cryptographic standards. The draft of Interagency Report 7977, “NIST Cryptographic Standards and Guidelines Development Process,” outlines the proposed principles, processes and procedures of NIST’s cryptographic standards efforts.
Donna Dodson, chief of NIST’s Computer Security Division, says the agency is reviewing its existing standards and guidelines to create a new approach to ensure they adhere to the principles laid out in IR 7977. “If any issues are found, they will be addressed as quickly as possible,” Dodson says.