NIST pledges 'global acceptability' in crypto standards
The National Institute of Standards and Technology is trying to reassert its credibility as a trusted technical agency when it comes to cryptographic standards, almost three years after Edward Snowden's disclosures.
The National Institute of Standards and Technology has issued the final version of a document that outlines its process for developing cryptographic standards and guidelines in an effort to demonstrate its commitment to transparency.
NIST's reputation as an independent body for cryptographic issues took a hit when former National Security Agency contractor Edward Snowden leaked evidence that NSA had subverted a NIST-approved algorithm known as Dual_EC_DRBG. Such algorithms make it more difficult for attackers to decrypt messages.
On March 31, NIST released "NIST Cryptographic Standards and Guidelines Development Process" as an integral part of its effort to rebuild some of the trust that might have been lost.
"Our goal is to develop strong and effective cryptographic standards and guidelines that are broadly accepted and trusted by our stakeholders," said Donna Dodson, NIST's chief cybersecurity adviser, in a statement. "While our primary stakeholder is the federal government, our work has global reach across the public and private sectors. We want a process that results in standards and guidelines that can be used to secure information systems worldwide."
The document contains nine guiding principles that NIST uses to create strong cryptography, which include transparency, openness, balance, technical merit and global acceptability. Officials said global acceptability was added in response to public comments and reflected the worldwide nature of commerce today.
They acknowledged the "possibility for tension between NIST's mission to promulgate the use of strong cryptography, and the law enforcement and national security missions of other agencies," but said they were committed to open, transparent processes.