What NSA's influence on NIST standards means for feds -- FCW

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en"> <head><script type="text/javascript" src="/_static/js/bundle-playback.js?v=HxkREWBo" charset="utf-8"></script> <script type="text/javascript" src="/_static/js/wombat.js?v=txqj7nKC" charset="utf-8"></script> <script>window.RufflePlayer=window.RufflePlayer||{};window.RufflePlayer.config={"autoplay":"on","unmuteOverlay":"hidden"};</script> <script type="text/javascript" src="/_static/js/ruffle/ruffle.js"></script> <script type="text/javascript"> __wm.init("https://web.archive.org/web"); __wm.wombat("http://fcw.com:80/Articles/2013/09/06/NSA-NIST-standards.aspx?","20130910030443","https://web.archive.org/","web","/_static/", "1378782283"); </script> <link rel="stylesheet" type="text/css" href="/_static/css/banner-styles.css?v=S1zqJCYt" /> <link rel="stylesheet" type="text/css" href="/_static/css/iconochive.css?v=3PDvdIFv" />  <title>What NSA's influence on NIST standards means for feds -- FCW</title> <meta name="description" content="Leaked documents show the National Security Agency introduced weaknesses into computer security standards, putting at risk NIST's reputation as a disinterested purveyor of cyber guidelines."> <meta name="keywords" content="national security agency, NIST, algorithms, standards">  <link rel="shortcut icon" href="/web/20130910030443im_/http://fcw.com/design/gig/fcw/2012/img/favicon.ico" type="image/x-icon"/>  <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-6779162-2']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://web.archive.org/web/20130910030443/https://ssl' : 'https://web.archive.org/web/20130910030443/http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0];s.parentNode.insertBefore(ga, s); })(); </script>  <link rel="shortcut icon" href="/web/20130910030443im_/http://fcw.com/design/gig/fcw/2012/favicon.ico" type="image/x-icon"/> <link rel="icon" type="image/png" href="/web/20130910030443im_/http://fcw.com/design/gig/fcw/2012/favicon.png"> <link rel="stylesheet" href="/web/20130910030443cs_/http://fcw.com/design/gig/fcw/2012/css/style.css"> <link rel="stylesheet" href="/web/20130910030443cs_/http://fcw.com/design/gig/fcw/2012/css/bx_styles.css"> <link rel="stylesheet" href="/web/20130910030443cs_/http://fcw.com/design/gig/fcw/2012/css/jquery.mCustomScrollbar.css" type="text/css"/>    <script type="text/javascript" src="/web/20130910030443js_/http://fcw.com/design/global/js/core.js"></script> <script src="/web/20130910030443js_/http://fcw.com/design/gig/fcw/2012/js/login.js" type="text/javascript"></script> <script src="https://web.archive.org/web/20130910030443js_/http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js"></script> <script src="https://web.archive.org/web/20130910030443js_/http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script> <script src="/web/20130910030443js_/http://fcw.com/design/gig/fcw/2012/js/jquery.mCustomScrollbar.min.js"></script> <script src="/web/20130910030443js_/http://fcw.com/design/gig/fcw/2012/js/jquery.mousewheel.min.js"></script> <script src="/web/20130910030443js_/http://fcw.com/design/gig/fcw/2012/js/jquery.bxSlider.js" type="text/javascript"></script> <script src="/web/20130910030443js_/http://fcw.com/design/gig/fcw/2012/js/jquery.widowFix-1.3.2.js" type="text/javascript"></script> <script type="text/javascript"> $(document).ready(function(){ $('#slider').bxSlider({displaySlideQty: 3,moveSlideQty: 1,autoControls: true}); $('.relatedSpecific').after("<br class='clear'>"); $('#extraContent table').before("<br class='clear'>"); $(".day").mCustomScrollbar(); $('h1,h2,h3,h4,li h3').each(function() { $(this).html($(this).html().replace(/\s([^\s<]+)\s*$/,' $1')); }); $('#xContentTop .featuredBlog ul li h3').widowFix();}); </script> </head> <body id="Body1"> <form name="form1" method="post" action="NSA-NIST-standards.aspx" id="form1"> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTA4NzAwNDg5OA9kFgQCAQ9kFgYCAQ8WAh4EVGV4dAU8V2hhdCBOU0EncyBpbmZsdWVuY2Ugb24gTklTVCBzdGFuZGFyZHMgbWVhbnMgZm9yIGZlZHMgLS0gRkNXZAIDDxYCHwAFxwFjb250ZW50PSJMZWFrZWQgZG9jdW1lbnRzIHNob3cgdGhlIE5hdGlvbmFsIFNlY3VyaXR5IEFnZW5jeSBpbnRyb2R1Y2VkIHdlYWtuZXNzZXMgaW50byBjb21wdXRlciBzZWN1cml0eSBzdGFuZGFyZHMsIHB1dHRpbmcgYXQgcmlzayBOSVNUJ3MgcmVwdXRhdGlvbiBhcyBhIGRpc2ludGVyZXN0ZWQgcHVydmV5b3Igb2YgY3liZXIgZ3VpZGVsaW5lcy4iZAIFDxYCHwAFP2NvbnRlbnQ9Im5hdGlvbmFsIHNlY3VyaXR5IGFnZW5jeSwgTklTVCwgYWxnb3JpdGhtcywgc3RhbmRhcmRzImQCEQ9kFgICAQ9kFgoCiQEPZBYEZg9kFgJmD2QWAgIBD2QWAgIBDw8WAh4LTmF2aWdhdGVVcmwFRi9Gb3Jtcy9FbWFpbEl0ZW0uYXNweD9FbWFpbEl0ZW09ezRBQjJEOUI4LUZDMEYtNEZGMS1CQ0Q2LTREREQzQzRCMDkyOH1kZAIBD2QWAmYPZBYCAgEPZBYCAgEPDxYCHwEFPmh0dHA6Ly9mY3cuY29tL0FydGljbGVzLzIwMTMvMDkvMDYvTlNBLU5JU1Qtc3RhbmRhcmRzLmFzcHg/cD0xZGQCkQEPZBYCZg9kFgJmD2QWAgIBD2QWBgIBDw9kFgQeB29uRm9jdXMFKkZvY3VzU2VhcmNoQm94KCdwaF9zY29udGVudDJfMF90eHRTZWFyY2gnKR4Gb25CbHVyBQ9CbHVyU2VhcmNoQm94KClkAgMPEA8WAh4HVmlzaWJsZWdkDxYBZhYBEAUDRkNXBQdGQ1dfV2ViZ2RkAgcPFgQeCWlubmVyaHRtbAVHPGEgaHJlZj0iaHR0cDovL2Zjdy5jb20vRm9ybXMvQWR2YW5jZWQtU2VhcmNoLmFzcHgiPkFkdmFuY2VkIFNlYXJjaDwvYT4fBGdkApsBD2QWAmYPZBYCZg9kFgJmD2QWAgIFDxQrAAJkZGQCrwEPZBYCZg9kFgJmD2QWAmYPZBYCZg9kFgICAQ9kFgYCAQ8WAh8FBQ9SZWFkZXIgY29tbWVudHNkAgIPFCsAAg8WBB4LXyFEYXRhQm91bmRnHgtfIUl0ZW1Db3VudAIEZGQWAmYPZBYIAgEPZBYKAgEPFgIfAAUQY2xhc3M9InN0YW5kYXJkImQCAw8WAh8ABRBNb24sIFNlcCA5LCAyMDEzZAIFDxYCHwAFBU1vdXNlZAIHDxYCHwBlZAIJDxYCHwAFugJBbmQgeW91IGF1dG9tYXRpY2FsbHkgYXNzdW1lZCB0aGF0IGlmIE5ldyBZb3JrIFRpbWVzIHB1Ymxpc2hlZCAob3IgYWxsdWRlZCB0byBwdWJsaXNoaW5nKSBzb21lIHBvd2VycG9pbnRzIGFsbGVnZWRseSBjb21pbmcgZnJvbSBOU0EgLSBpdCBwcm92ZXMgdGhhdCBub3Qgb25seSBvdXIgY3VycmVudCBjb21wdXRlciBzZWN1cml0eSBzdGFuZGFyZHMgYXJlICJ0YWludGVkIiwgYnV0IG90aGVyIHN0YW5kYXJkcyBhcmUgYXMgd2VsbD8KCkkgd2lzaCBJIGNvdWxkIHNlbnRlbmNlIHRvIHJlYWxpdHkgYXQgbGVhc3QgdGhlIG1lZGlhIGVtcGxveWVlcy4uLmQCAg9kFgoCAQ8WAh8ABRBjbGFzcz0ic3RhbmRhcmQiZAIDDxYCHwAFEE1vbiwgU2VwIDksIDIwMTNkAgUPFgIfAGVkAgcPFgIfAGVkAgkPFgIfAAVoU28gbXVjaCBmb3IgTklTVCdzIGNyZWRpYmlsaXR5LiAgSSBub3RpY2VkIHRoZXkgaWdub3JlZCB0aGUgZ29vZCBzdHVmZiBicm91Z2h0IHRvIHRoZW0sIG5vdyB3ZSBrbm93IHdoeS5kAgMPZBYKAgEPFgIfAAUQY2xhc3M9InN0YW5kYXJkImQCAw8WAh8ABRBNb24sIFNlcCA5LCAyMDEzZAIFDxYCHwBlZAIHDxYCHwBlZAIJDxYCHwAFjQFTbyBpZiBvdXIgY29tcHV0ZXIgc2VjdXJpdHkgc3RhbmRhcmRzIGFyZSBvcGVuIHRvLCBsZXRzIGNhbGwgaXQgInR3ZWFraW5nIiwgSSB3b25kZXIgd2hhdCBvdGhlciBzdGFuZGFyZHMgdGhhdCBOSVNUIHJlZ3VsYXRlcyBhcmUgInR3ZWFrZWQuIiBkAgQPZBYKAgEPFgIfAAUQY2xhc3M9InN0YW5kYXJkImQCAw8WAh8ABRBNb24sIFNlcCA5LCAyMDEzZAIFDxYCHwAFD1dpbGxpYW0gRnJhemllcmQCBw8WAh8AZWQCCQ8WAh8ABcACSSBhbSBjb25jZXJuZWQgYWJvdXQgcHJpdmF0ZSB1c2Ugb2YgcHJvZHVjdHMgZGVwZW5kZW50IG9uIHRoZSB0YWludGVkIHN0YW5kYXJkcy4gIElmIHZlbmRvcnMgcHJvZHVjZSBzdWItc3RhbmRhcmQgcHJvZHVjdHMgZm9yIHRoZSBmZWRlcmFsIGdvdmVybm1lbnQgYmVjYXVzZSBvZiB0aGlzLCB0b3VnaC4gIEkgYW0gc2ljayBhbmQgdGlyZWQgb2Ygb25lIGdvdmVybm1lbnQgYnJhbmNoIGNsYWltaW5nIHRoYXQgdGhlaXIgaGFuZHMgYXJlIEx5c29sIGNsZWFuIHdoaWxlIHRoZSBvdGhlciBhZ2VuY3kgd2FzIHRoZSBvbmUgc3dpbW1pbmcgaW4gYSBjZXNzcG9vbC5kAgQPDxYCHwRoZGQCywEPZBYCZg9kFgICAQ8WAh8ABcEEIAo8cD48YSBocmVmPSJodHRwOi8vd3d3LjExMDVnb3ZpbmZvLmNvbS8iIHRhcmdldD0iX2JsYW5rIj48aW1nIGJvcmRlcj0iMCIgYWx0PSIxMTA1IEdvdmVybm1lbnQgSW5mb3JtYXRpb24gR3JvdXAgTG9nbyIgc3JjPSJ+L21lZGlhL0dJRy9HSUclMjBMb2dvcy8xMTA1bG9nb193ZWJzaXRlLmFzaHgiIHdpZHRoPSIxMzYiIGhlaWdodD0iMjYiPiA8L2E+PGJyPjxicj44NjA5IFdlc3R3b29kIENlbnRlciBEcml2ZSwgU3VpdGUgNTAwPGJyPlZpZW5uYSwgVkEgMjIxODItMjIxNSA8YnI+NzAzLTg3Ni01MTAwPGJyPgo8cD7CqSAxOTk2LTIwMTMgMTEwNSBNZWRpYSwgSW5jLiBBbGwgUmlnaHRzIFJlc2VydmVkLiBUaGlzIGNvcHkgaXMgZm9yIHlvdXIgcGVyc29uYWwsIG5vbi1jb21tZXJjaWFsIHVzZSBvbmx5Ljxicj5UbyBvcmRlciBwcmVzZW50YXRpb24tcmVhZHkgY29waWVzIGZvciBkaXN0cmlidXRpb24gdG8gY29sbGVhZ3VlcywgY2xpZW50cyBvciBjdXN0b21lcnMsIHZpc2l0OiA8YSBocmVmPSJodHRwOi8vd3d3LjExMDVyZXByaW50cy5jb20vIj53d3cuMTEwNVJlcHJpbnRzLmNvbTxwPjwvYT48L3A+PC9wPmQYBQUdcGhfZXh0cmFjb250ZW50Ml8wJENvbW1lbnRzTFYPPCsACgIHPCsABAAIAgRkBShwaF9wY29udGVudDJfMCRBcnRpY2xlTG9nSW4kbHN0UmVnQ2hvaWNlD2dkBRlwaF9wY29udGVudDJfMCRBdXRob3JJbmZvD2dkBRlwaF94Y29udGVudDJfMCRsdkl0ZW1MaXN0D2dkBSZwaF9wY29udGVudDJfMCRMaXN0Vmlld0Fzc29jaWF0ZWRGaWxlcw9nZAeK4qjFDHfrmWRovC73gWYFbpPB"/> <script language="javascript" type="text/javascript"> var id = ''; function FocusSearchBox(ctl) { id = ctl;} function BlurSearchBox() { id = '';} document.onkeypress = function disableKey(e) { var evtobj = window.event ? event : e;var unicode = evtobj.charCode ? evtobj.charCode : evtobj.keyCode;if (unicode == 13) {if (id == '') {window.event.keyCode = 0;} else {document.getElementById("hdnSearch").value = id;document.getElementById(id.replace("txt", "btn")).click();} } } </script> <script src="/web/20130910030443js_/http://fcw.com/ScriptResource.axd?d=lA4YcjqYGqEtyoU9SXv1fQNKpBVAd6uY2C59BfMJQTQ9nr7Lr6gxPie6DPWr94TstFBGwfF2UXhKpdYzXUsQ-WVmHM4v8Czi7POlmms2P0tIAYy0_EKlV3DxrXSWozwLP8RJ1gBcASOW15ht9rI28NaFfdkyWcTVyUMRpmy8LWEqVrXz0&t=ffffffffb868b5f4" type="text/javascript"></script> <div id="wrapper"> <script type="text/javascript"> var gIntersitial = 20000 ; </script> <div id="intersitialMask"></div> <div id="intersitial"> <div class="adClose"><a id="adclose" href="javascript:;">Close this Advertisement</a></div> <div class="ad"> <script type="text/javascript" language="javascript"> //<![CDATA[ ord = window.ord || Math.floor(Math.random() * 100000000); document.write('<script type="text/javascript" src="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/adj/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=S01;tile=1;sz=640x480;ord=' + ord + '?"><\/script>'); //]]> </script> <noscript> <a href="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/jump/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=S01;tile=1;sz=640x480;ord=123456789" target="_blank"> <img src="https://web.archive.org/web/20130910030443im_/http://ad.doubleclick.net/N5978/ad/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=S01;tile=1;sz=640x480;ord=123456789" border="0" alt=""/> </a> </noscript> </div> <script type="text/javascript" language="javascript">showIntersitial();</script> </div> <div class="ad"> <script type="text/javascript" language="javascript"> //<![CDATA[ ord = window.ord || Math.floor(Math.random() * 100000000); document.write('<script type="text/javascript" src="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/adj/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=lead_t1;tile=2;sz=728x90,1x1;ord=' + ord + '?"><\/script>'); //]]> </script> <noscript> <a href="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/jump/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=lead_t1;tile=2;sz=728x90,1x1;ord=123456789" target="_blank"> <img src="https://web.archive.org/web/20130910030443im_/http://ad.doubleclick.net/N5978/ad/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=lead_t1;tile=2;sz=728x90,1x1;ord=123456789" border="0" alt=""/> </a> </noscript> </div> <div id="headerWrapper"> <div id="header"> <div id="ph_header1_0_divBlockBox" class="logo"> <div id="ph_header1_0_divBody" class="summary"> <a href="https://web.archive.org/web/20130910030443/http://fcw.com/home.aspx"><img title="FCW: The Business of Federal Technology" alt="FCW" src="/web/20130910030443im_/http://fcw.com/design/gig/fcw/2012/img/fcw-logo.png"></a></div> </div><div class="headerTools blockBox clearfix"> <noindex>  <div class="trending"> <ul class="topnavlist"><li class="navblock">Trending:</li><li class=""><a href="https://web.archive.org/web/20130910030443/http://fcw.com/pages/trending/space.aspx">The Final Frontier</a></li><li class=""><a href="https://web.archive.org/web/20130910030443/http://fcw.com/pages/trending/nsa.aspx">NSA</a></li><li class=""><a href="https://web.archive.org/web/20130910030443/http://fcw.com/pages/trending/powerpuzzle.aspx">The Power Puzzle</a></li><li class=" last"><a href="https://web.archive.org/web/20130910030443/http://fcw.com/pages/trending/2014.aspx">FY2014</a></li></ul> <br class="clear"/> </div>  </noindex> <noindex>  <div class="adminLinks"> <ul class="topnavlist"><li class=""><a href="https://web.archive.org/web/20130910030443/http://fcw.com/pages/about.aspx">About Us</a></li><li class=""><a href="https://web.archive.org/web/20130910030443/http://1105govinfo.com/pages/brands/fcw/overview.aspx">Advertise</a></li><li class=""><a href="https://web.archive.org/web/20130910030443/http://fcw.com/pages/contact.aspx">Contact Us</a></li><li class=""><a href="https://web.archive.org/web/20130910030443/http://1105-sub.halldata.com/FWnew&PK=FWEBTS">Subscribe</a></li><li class=" last"><a href="https://web.archive.org/web/20130910030443/http://1105govinfo.com/pages/events/fcw.aspx">Events</a></li></ul> <br class="clear"/> </div>  </noindex> <noindex>  <div class="socialLinks"> <ul class="topnavlist"><li class=" rss"><a href="https://web.archive.org/web/20130910030443/http://fcw.com/rss-feeds/all.aspx">RSS</a></li><li class=" lkn"><a href="https://web.archive.org/web/20130910030443/http://www.linkedin.com/company/fcw" target="_blank">LinkedIn</a></li><li class=" fb"><a href="https://web.archive.org/web/20130910030443/https://www.facebook.com/FCWnow" target="_blank">Facebook</a></li><li class=" gpls"><a href="https://web.archive.org/web/20130910030443/https://plus.google.com/b/106941915920971773318/106941915920971773318/posts" target="_blank">Google</a></li><li class=" last twt"><a href="https://web.archive.org/web/20130910030443/https://twitter.com/fcwnow" target="_blank">Twitter</a></li></ul> <br class="clear"/> </div>  </noindex> </div> <div id="nav"> <noindex>  <div class="topnav"> <ul class="topnavlist"><li class=""><a href="https://web.archive.org/web/20130910030443/http://fcw.com/portals/policy.aspx">Policy</a></li><li class=""><a href="https://web.archive.org/web/20130910030443/http://fcw.com/portals/management.aspx">Management</a></li><li class=""><a href="https://web.archive.org/web/20130910030443/http://fcw.com/portals/exec-tech.aspx">Exec Tech</a></li><li class=""><a href="https://web.archive.org/web/20130910030443/http://fcw.com/portals/people.aspx">Who & Where</a></li><li class=""><a href="https://web.archive.org/web/20130910030443/http://fcw.com/portals/the-hill.aspx">The Hill</a></li><li class=""><a href="https://web.archive.org/web/20130910030443/http://fcw.com/portals/agencies.aspx">Agencies</a></li><li class=""><a href="https://web.archive.org/web/20130910030443/http://fcw.com/portals/opinion.aspx">Opinion</a></li><li class=" last"><a href="https://web.archive.org/web/20130910030443/http://fcw.com/pages/resources.aspx">Resources</a></li></ul> <br class="clear"/> </div>  </noindex> <div class="ad"> <script type="text/javascript" language="javascript"> //<![CDATA[ ord = window.ord || Math.floor(Math.random() * 100000000); document.write('<script type="text/javascript" src="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/adj/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=TS01;tile=3;sz=972x32,1x1;ord=' + ord + '?"><\/script>'); //]]> </script> <noscript> <a href="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/jump/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=TS01;tile=3;sz=972x32,1x1;ord=123456789" target="_blank"> <img src="https://web.archive.org/web/20130910030443im_/http://ad.doubleclick.net/N5978/ad/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=TS01;tile=3;sz=972x32,1x1;ord=123456789" border="0" alt=""/> </a> </noscript> </div> </div> </div> </div> <div id="contentTopWrapper"> <div id="contentTop"> <div class="ad"> <script type="text/javascript" language="javascript"> //<![CDATA[ ord = window.ord || Math.floor(Math.random() * 100000000); document.write('<script type="text/javascript" src="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/adj/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=TS01;tile=4;sz=974x32,1x1;ord=' + ord + '?"><\/script>'); //]]> </script> <noscript> <a href="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/jump/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=TS01;tile=4;sz=974x32,1x1;ord=123456789" target="_blank"> <img src="https://web.archive.org/web/20130910030443im_/http://ad.doubleclick.net/N5978/ad/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=TS01;tile=4;sz=974x32,1x1;ord=123456789" border="0" alt=""/> </a> </noscript> </div> <div id="pContentTop"> </div> <div id="sContentTop"> </div> <div id="xContentTop"> </div> </div> </div> <div id="extraTopWrapper"> <div id="extraTopContent"> </div> </div> <div id="contentWrapper"> <div id="content"> <div id="pContent"> <style type="text/css"> .social_share #ss { float: left; margin-right: 18px; } </style> <div class="social_share"> <div id="ss"> <script src="//web.archive.org/web/20130910030443js_/http://platform.linkedin.com/in.js" type="text/javascript"></script> <script type="IN/Share"></script> </div> <div id="ss"> <div id="fb-root"></div> <script>(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//web.archive.org/web/20130910030443/http://connect.facebook.net/en_US/all.js#xfbml=1&appId=213804045416377"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script> <div class="fb-like" data-send="false" data-layout="button_count" data-width="450" data-show-faces="true"></div></div> <div id="ss"><a href="https://web.archive.org/web/20130910030443/https://twitter.com/share" class="twitter-share-button" data-lang="en" data-count="none" data-via="FCWnow">Tweet</a> <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://web.archive.org/web/20130910030443/https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script> </div> <div id="ss">  <div class="g-plusone" data-size="tall" data-annotation="none"></div> </div>  <script type="text/javascript"> (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://web.archive.org/web/20130910030443/https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })(); </script> </div> <div id="level0"> <div id="article"> <p id="ph_pcontent2_0_KickerText" class="kicker">Security</p> <h3 id="ph_pcontent2_0_MainHeading" class="title">What NSA's influence on NIST standards means for feds </h3> <ul id="ph_pcontent2_0_ByAuthor" class="byline"> <li class="author">By Frank Konkel</li><li class="date">Sep 06, 2013</li> </ul> <div class="remove imageCap"><img width="370" height="370" alt="keyhole digital" src="/web/20130910030443im_/http://fcw.com/~/media/GIG/FCWNow/Topics/Cybersecurity/cyber_keyhole.png"> </div> <p style="margin: 0in 0in 10pt;">Top-secret documents leaked by former National Security Agency contractor Edward Snowden confirm that the NSA introduced weaknesses into computer security standards adopted by the National Institute of Standards and Technology, putting at risk NIST's reputation as a disinterested purveyor of cyber guidelines.</p> <p style="margin: 0in 0in 10pt;">As reported Sept. 5 by <a href="https://web.archive.org/web/20130910030443/http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security" target="_blank">The Guardian</a> and <a href="https://web.archive.org/web/20130910030443/http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html" target="_blank">New York Times</a>, one document illustrates how the NSA influenced international standards that encryption systems rely on, working covertly in 2006 to get its own version of draft security standards issued by NIST and approved for worldwide use.</p> <p style="margin: 0in 0in 10pt;">Emerging details of NSA's influence on unclassified systems and the standards that govern those systems have put NIST on the defensive, and for good reason: These kinds of revelations damage the trust NIST standards typically command. </p> <p style="margin: 0in 0in 10pt;">"This is a fundamental undermining of the basic kinds of secure communications tools to give people the trust they need to participate with federal agencies, and also between federal agencies as customers and sources of each other's data," said Joseph Hall, senior staff technologist for the Center for Democracy and Technology. </p> <p style="margin: 0in 0in 10pt;">Amie Stepanovich, director of the Electronic Privacy Information Center's Domestic Surveillance Project, said any standards promoted or advertised that are less secure than they are billed puts the individuals and organizations who adopt them at risk.</p> <p style="margin: 0in 0in 10pt;">In short, NIST standards – at least in this instance – were weaker than they should have been because the NSA "became the sole editor" of the standards, according to Snowden-leaked documents, and no doubt a throng of coders and cryptographers are looking at exploiting those vulnerabilities right now.</p> <p style="margin: 0in 0in 10pt;">"There is no way to design vulnerabilities only the good guys can use, and though we haven't seen evidence of those vulnerabilities by bad guys yet, my feeling is we will see that soon because everyone knows they exist now and there'll be a massive hunt in a prioritized manner," said Hall.</p> <p style="margin: 0in 0in 10pt;">The weakened standards in question were not revealed by the newspapers but are largely rumored in the cryptography community to be within one of the four algorithms recommended in Special Publication 800-90.</p> <p style="margin: 0in 0in 10pt;">That algorithm, the Deterministic Random Bit Generator, is not widely used – NIST's last update shows <a href="https://web.archive.org/web/20130910030443/http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html " target="_blank">fewer than 70</a> government vendors utilize it – but that is likely little comfort to IT leaders in federal agencies who spend millions of taxpayer dollars incorporating and adhering to NIST standards. </p> <div class="sidebarA" type="SideBarContent"> <h3>Resources</h3> <p style="margin: 0in 0in 10pt;">Top-secret documents at the <a href="https://web.archive.org/web/20130910030443/http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html" target="_blank">New York Times</a></p> <p style="margin: 0in 0in 10pt;">NSA and NIST: <a href="https://web.archive.org/web/20130910030443/http://csrc.nist.gov/publications/nistbul/csl91-02.txt " target="_blank">Computer security responsibilities</a></p> </div> <p style="margin: 0in 0in 10pt;">Founded in 1901, NIST is one of the government's oldest scientific agencies and one of its most trusted, largely for standard-setting successes such as the Federal Information Security Management Act, which governs information security standards, and the Federal Risk and Authorization Management Program, which raised the bar for federal cloud computing adoption. Through the Federal Information Processing Standards (FIPS), NIST dictates how the government processes data, including tax records and Social Security information. </p> <p style="margin: 0in 0in 10pt;">Since the Computer Security Act of 1987, NIST has been charged with the development and promulgation of security standards and guidelines for all unclassified federal computer systems. </p> <p style="margin: 0in 0in 10pt;">The National Policy for the Security of National Security Telecommunications and Information Systems, a classified presidential directive handed down in 1991, charged the NSA with the same responsibilities for classified computer systems. Together, the act and the order are supposed to clarify the division of labor between NIST and the NSA.</p> <p style="margin: 0in 0in 10pt;">"NIST is going to look immediately at who from the NSA was involved in setting those standards, and they might look at what other standards they touched," Hall said. "Any system administrator or CTO worth their salt is not going to want to be ignorant of this."</p> <p style="margin: 0in 0in 10pt;">Officials from NIST were predictably tight-lipped about the revelations, offering only a statement and no further comment, though the agency does indicate it will commit significant resources to vet its standards.</p> <p style="margin: 0in 0in 10pt;">"NIST works to publish the strongest cryptographic standards possible," a NIST spokesperson said in a statement. "We use a transparent, public process to rigorously vet our recommended standards. If vulnerabilities are found, we work with the cryptographic community to address them as quickly as possible."</p> <p style="margin: 0in 0in 10pt;">Most feds followed the same keep-quiet narrative. </p> <p style="margin: 0in 0in 10pt;">One federal employee with oversight responsibilities in a large civilian agency told FCW that revelations of the NSA-influenced weakened standards "raises questions" federal agencies will likely have to deal with for some time. </p> <p style="margin: 0in 0in 10pt;">"It makes you wonder if other standards were intentionally or unintentionally weakened," the source said. </p> <p style="margin: 0in 0in 10pt;">The vending community will likely do its own investigating, Hall said. Vendors create IT solutions for the government based heavily on NIST standards. If those standards aren't secure, neither is your product. </p> <p style="margin: 0in 0in 10pt;">"By obeying and supporting a standard, you may be meeting to a letter the contractor requirements to be able to deal with those technologies, but you may be providing something that doesn't provide information assurance you need to provide," Hall said. </p>   </div> </div> <noindex> <div id="ph_pcontent3_0_EmailThis" class="email"> <p><a id="ph_pcontent3_0_Email" href="/web/20130910030443/http://fcw.com/Forms/EmailItem.aspx?EmailItem={4AB2D9B8-FC0F-4FF1-BCD6-4DDD3C4B0928}">E-Mail this page</a></p> </div> </noindex> <noindex> <div id="ph_pcontent3_1_PrintFormat" class="print"> <p><a id="ph_pcontent3_1_Print" href="https://web.archive.org/web/20130910030443/http://fcw.com/Articles/2013/09/06/NSA-NIST-standards.aspx?p=1" target="_blank">Printable Format</a></p> </div> </noindex> </div> <div id="sContent"> <noindex> <div id="ph_scontent2_0_pnlSearch" class="search"> <fieldset> <input name="ph_scontent2_0$txtSearch" type="text" id="ph_scontent2_0_txtSearch" onfocus="FocusSearchBox('ph_scontent2_0_txtSearch')" onblur="BlurSearchBox()"/> <select name="ph_scontent2_0$ddlCollections" id="ph_scontent2_0_ddlCollections"> <option selected="selected" value="FCW_Web">FCW</option> </select> <input type="submit" name="ph_scontent2_0$btnSearch" value="Search" id="ph_scontent2_0_btnSearch" class="submit"/> <p id="ph_scontent2_0_AdvancedFormLink" class="advanced"><a href="https://web.archive.org/web/20130910030443/http://fcw.com/Forms/Advanced-Search.aspx">Advanced Search</a></p> <input type="hidden" id="hdnSearch" name="hdnSearch" visible="false"/> </fieldset> </div> </noindex> <noindex>  <div id="popular"> <div class="tabbedFields"> <ul class="tabMenu"> <li><a href="javascript:;">Most Popular Articles</a></li> <li><a href="javascript:;">Most Emailed Articles</a></li> </ul>  <div class="tabContent"> <h3><a id="ph_scontent2_1_PopularItemsRepeater_ctl00_StoryHeadlineHyperLink" href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/2013/09/06/nsa-nist-standards.aspx">What NSA's influence on NIST standards means for feds </a></h3> <h3><a id="ph_scontent2_1_PopularItemsRepeater_ctl01_StoryHeadlineHyperLink" href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/2013/09/06/defense-bleak-outlook.aspx">Outlook bleak for fiscal 2014 defense funding</a></h3> <h3><a id="ph_scontent2_1_PopularItemsRepeater_ctl02_StoryHeadlineHyperLink" href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/2013/09/06/comment-bring-your-own-app.aspx">Agency IT should focus on apps, not devices</a></h3> </div>  <div class="tabContent"> <h3><a id="ph_scontent2_1_PopulareEmailRepeater_ctl00_StoryHeadlineHyperLink" href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/2013/09/06/defense-bleak-outlook.aspx">Outlook bleak for fiscal 2014 defense funding</a></h3> <h3><a id="ph_scontent2_1_PopulareEmailRepeater_ctl01_StoryHeadlineHyperLink" href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/2013/09/06/nsa-nist-standards.aspx">What NSA's influence on NIST standards means for feds </a></h3> <h3><a id="ph_scontent2_1_PopulareEmailRepeater_ctl02_StoryHeadlineHyperLink" href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/2013/09/06/comment-bring-your-own-app.aspx">Agency IT should focus on apps, not devices</a></h3> </div> </div> </div>  </noindex><div class="ad"> <script type="text/javascript" language="javascript"> //<![CDATA[ ord = window.ord || Math.floor(Math.random() * 100000000); document.write('<script type="text/javascript" src="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/adj/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=Box_R1;tile=5;sz=300x250,300x600,300x480,300x850,1x1;ord=' + ord + '?"><\/script>'); //]]> </script> <noscript> <a href="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/jump/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=Box_R1;tile=5;sz=300x250,300x600,300x480,300x850,1x1;ord=123456789" target="_blank"> <img src="https://web.archive.org/web/20130910030443im_/http://ad.doubleclick.net/N5978/ad/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=Box_R1;tile=5;sz=300x250,300x600,300x480,300x850,1x1;ord=123456789" border="0" alt=""/> </a> </noscript> </div> <div class="ad"> <script type="text/javascript" language="javascript"> //<![CDATA[ ord = window.ord || Math.floor(Math.random() * 100000000); document.write('<script type="text/javascript" src="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/adj/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=Promo_S1;tile=6;sz=300x90,1x1;ord=' + ord + '?"><\/script>'); //]]> </script> <noscript> <a href="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/jump/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=Promo_S1;tile=6;sz=300x90,1x1;ord=123456789" target="_blank"> <img src="https://web.archive.org/web/20130910030443im_/http://ad.doubleclick.net/N5978/ad/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=Promo_S1;tile=6;sz=300x90,1x1;ord=123456789" border="0" alt=""/> </a> </noscript> </div> <div id="sponsorTextLink" class="ad sztextlink"> <h2>More Resources</h2><ul><li><div class="ad"> <script type="text/javascript" language="javascript"> //<![CDATA[ ord2 = window.ord2 || Math.floor(Math.random() * 100000000); document.write('<script type="text/javascript" src="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/adj/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=tx01;tile=1;sz=620x28;ord=' + ord2 + '?"><\/script>'); //]]> </script> <noscript> <a href="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/jump/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=tx01;tile=1;sz=620x28;ord=123456789" target="_blank"> <img src="https://web.archive.org/web/20130910030443im_/http://ad.doubleclick.net/N5978/ad/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=tx01;tile=1;sz=620x28;ord=123456789" border="0" alt=""/> </a> </noscript> </div> </li><li><div class="ad"> <script type="text/javascript" language="javascript"> //<![CDATA[ ord2 = window.ord2 || Math.floor(Math.random() * 100000000); document.write('<script type="text/javascript" src="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/adj/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=tx02;tile=2;sz=620x28;ord=' + ord2 + '?"><\/script>'); //]]> </script> <noscript> <a href="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/jump/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=tx02;tile=2;sz=620x28;ord=123456789" target="_blank"> <img src="https://web.archive.org/web/20130910030443im_/http://ad.doubleclick.net/N5978/ad/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=tx02;tile=2;sz=620x28;ord=123456789" border="0" alt=""/> </a> </noscript> </div> </li><li><div class="ad"> <script type="text/javascript" language="javascript"> //<![CDATA[ ord2 = window.ord2 || Math.floor(Math.random() * 100000000); document.write('<script type="text/javascript" src="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/adj/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=tx03;tile=3;sz=620x28;ord=' + ord2 + '?"><\/script>'); //]]> </script> <noscript> <a href="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/jump/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=tx03;tile=3;sz=620x28;ord=123456789" target="_blank"> <img src="https://web.archive.org/web/20130910030443im_/http://ad.doubleclick.net/N5978/ad/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=tx03;tile=3;sz=620x28;ord=123456789" border="0" alt=""/> </a> </noscript> </div> </li></ul> </div><div class="ad"> <script type="text/javascript" language="javascript"> //<![CDATA[ ord = window.ord || Math.floor(Math.random() * 100000000); document.write('<script type="text/javascript" src="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/adj/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=Box_R2;tile=7;sz=300x250,300x600,300x480,300x850,1x1;ord=' + ord + '?"><\/script>'); //]]> </script> <noscript> <a href="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/jump/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=Box_R2;tile=7;sz=300x250,300x600,300x480,300x850,1x1;ord=123456789" target="_blank"> <img src="https://web.archive.org/web/20130910030443im_/http://ad.doubleclick.net/N5978/ad/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=Box_R2;tile=7;sz=300x250,300x600,300x480,300x850,1x1;ord=123456789" border="0" alt=""/> </a> </noscript> </div> <div class="ad"> <script type="text/javascript" language="javascript"> //<![CDATA[ ord = window.ord || Math.floor(Math.random() * 100000000); document.write('<script type="text/javascript" src="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/adj/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=Box_R3;tile=8;sz=300x250,1x1;ord=' + ord + '?"><\/script>'); //]]> </script> <noscript> <a href="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/jump/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=Box_R3;tile=8;sz=300x250,1x1;ord=123456789" target="_blank"> <img src="https://web.archive.org/web/20130910030443im_/http://ad.doubleclick.net/N5978/ad/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=Box_R3;tile=8;sz=300x250,1x1;ord=123456789" border="0" alt=""/> </a> </noscript> </div> </div> <div id="xContent"> <div id="ph_xcontent2_0_divListBox" class="featuredBox"> <h4 id="ph_xcontent2_0_h4Header" class="L1CommonDLBheader">Featured</h4> <ul> <li id="ph_xcontent2_0_lvItemList_ctrl0_liListItem"> <a href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/2013/09/09/intelligence-community-cloud-infrastructure.aspx"><img src="/web/20130910030443im_/http://fcw.com/Articles/2013/09/06/~/media/GIG/FCWNow/Topics/Cloud/eye_sky.png" alt="eye in the sky"/></a> <h3 id="ph_xcontent2_0_lvItemList_ctrl0_h3Title"><a href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/2013/09/09/intelligence-community-cloud-infrastructure.aspx">Intelligence community builds cloud infrastructure</a></h3> <div id="ph_xcontent2_0_lvItemList_ctrl0_dvComments" class="dlb_comments"></div> </li> <li id="ph_xcontent2_0_lvItemList_ctrl1_liListItem"> <a href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/2013/09/06/innovation-disaster-communication.aspx"><img src="/web/20130910030443im_/http://fcw.com/Articles/2013/09/06/~/media/GIG/FCWNow/Topics/Science/lighthouse_storm.png" alt="lighthouse in a storm"/></a> <h3 id="ph_xcontent2_0_lvItemList_ctrl1_h3Title"><a href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/2013/09/06/innovation-disaster-communication.aspx">Looking for innovation on disaster communication</a></h3> <div id="ph_xcontent2_0_lvItemList_ctrl1_dvComments" class="dlb_comments"></div> </li> <li id="ph_xcontent2_0_lvItemList_ctrl2_liListItem"> <a href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/2013/09/06/nsa-nist-standards.aspx"><img src="/web/20130910030443im_/http://fcw.com/Articles/2013/09/06/~/media/GIG/FCWNow/Topics/Cybersecurity/cyber_keyhole.png" alt="keyhole digital"/></a> <h3 id="ph_xcontent2_0_lvItemList_ctrl2_h3Title"><a href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/2013/09/06/nsa-nist-standards.aspx">What NSA's influence on NIST standards means for feds </a></h3> <div id="ph_xcontent2_0_lvItemList_ctrl2_dvComments" class="dlb_comments"></div> </li> </ul> <div id="ph_xcontent2_0_dvPagination" class="pagination"> <ul> </ul> </div> </div> <noindex>  <div id="ph_xcontent3_0_relatedSpecific" class="relatedSpecific"> <div class="items"> <h3 id="ph_xcontent3_0_RelatedTitle">Related Articles</h3> <ul> <li><a id="ph_xcontent3_0_RelatedItemRepeater_ctl00_ItemHyperLink" href="https://web.archive.org/web/20130910030443/http://fcw.com/Articles/2013/06/17/whistleblower-guidelines.aspx">Rethinking whistleblowing in the digital age</a><span></span></li> <li><a id="ph_xcontent3_0_RelatedItemRepeater_ctl01_ItemHyperLink" href="https://web.archive.org/web/20130910030443/http://fcw.com/Articles/2013/07/25/NIST-cyber-legislation.aspx">NIST takes center stage in cyber legislation</a><span></span></li> <li><a id="ph_xcontent3_0_RelatedItemRepeater_ctl02_ItemHyperLink" href="https://web.archive.org/web/20130910030443/http://fcw.com/Articles/2013/07/15/nist-iris-specifications-fingerprint.aspx">NIST delivers long-sought standards for iris recognition</a><span></span></li> </ul> </div> </div>  </noindex> </div> </div> </div> <div id="extraWrapper"> <div id="extraContent"> <div id="ph_extracontent2_0_CommentsList"> <a name="Comments"></a> <div id="comments"> <h3 id="ph_extracontent2_0_h3ShowComments">Reader comments</h3> <div class="standard"> <h2> Mon, Sep 9, 2013 <span class="name"> Mouse</span> <span class="location"> </span> </h2> <p> And you automatically assumed that if New York Times published (or alluded to publishing) some powerpoints allegedly coming from NSA - it proves that not only our current computer security standards are "tainted", but other standards are as well? I wish I could sentence to reality at least the media employees...</p> </div> <div class="standard"> <h2> Mon, Sep 9, 2013 <span class="name"> </span> <span class="location"> </span> </h2> <p> So much for NIST's credibility. I noticed they ignored the good stuff brought to them, now we know why.</p> </div> <div class="standard"> <h2> Mon, Sep 9, 2013 <span class="name"> </span> <span class="location"> </span> </h2> <p> So if our computer security standards are open to, lets call it "tweaking", I wonder what other standards that NIST regulates are "tweaked." </p> </div> <div class="standard"> <h2> Mon, Sep 9, 2013 <span class="name"> William Frazier</span> <span class="location"> </span> </h2> <p> I am concerned about private use of products dependent on the tainted standards. If vendors produce sub-standard products for the federal government because of this, tough. I am sick and tired of one government branch claiming that their hands are Lysol clean while the other agency was the one swimming in a cesspool.</p> </div> <p> </p> </div> <div class="commentform"> <h3> Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.</h3> <fieldset id="user-details"> <label for="CommenterName"> Name: (Optional)</label><input name="ph_extracontent2_0$CommenterName" type="text" id="ph_extracontent2_0_CommenterName"/> <label for="CommenterEmail"> Email: (Optional)</label> <input name="ph_extracontent2_0$CommenterEmail" type="text" id="ph_extracontent2_0_CommenterEmail"/> <label for="CommenterLocation"> Location: (Optional)</label> <input name="ph_extracontent2_0$CommenterLocation" type="text" id="ph_extracontent2_0_CommenterLocation"/> </fieldset>  <fieldset id="user-message"> <label for="CommentText"> Your Comment:</label> <textarea name="ph_extracontent2_0$CommentText" rows="6" cols="50" id="ph_extracontent2_0_CommentText"></textarea><img id="ph_extracontent2_0_CaptchaBox1_CaptchaImageffd5" src="/web/20130910030443im_/http://fcw.com/Captcha.ashx?id=1b52" border="0"/> <span style="display:block;">Please type the letters/numbers you see above</span> <input name="ph_extracontent2_0$CaptchaBox1$CaptchaGuess" type="text" id="ph_extracontent2_0_CaptchaBox1_CaptchaGuess"/><input type="submit" name="ph_extracontent2_0$SubmitBtn" value="SUBMIT MESSAGE" id="ph_extracontent2_0_SubmitBtn" class="submit"/> </fieldset>  </div> </div> <script type="text/javascript" src="https://web.archive.org/web/20130910030443js_/http://jlinks.industrybrains.com/jsct?sid=967&ct=GCN_RUN_OF_SITE&tr=FCW_SITE&num=3&layt=960x180&fmt=simp"></script> <div class="ad"> <script type="text/javascript" language="javascript"> //<![CDATA[ ord = window.ord || Math.floor(Math.random() * 100000000); document.write('<script type="text/javascript" src="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/adj/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=lead_t2;tile=9;sz=728x90,1x1;ord=' + ord + '?"><\/script>'); //]]> </script> <noscript> <a href="https://web.archive.org/web/20130910030443/http://ad.doubleclick.net/N5978/jump/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=lead_t2;tile=9;sz=728x90,1x1;ord=123456789" target="_blank"> <img src="https://web.archive.org/web/20130910030443im_/http://ad.doubleclick.net/N5978/ad/eof.fcw/;Topic=Intelligence_Agencies;Topic=Commerce;Topic=Cybersecurity;Topic=NSA_Breach;Topic=Agencies;Topic=Technology;item=4ab2d9b8_fc0f_4ff1_bcd6_4ddd3c4b0928;pos=lead_t2;tile=9;sz=728x90,1x1;ord=123456789" border="0" alt=""/> </a> </noscript> </div> </div> </div> <div id="footerWrapper"> <div id="footer"> <div id="ph_footer2_0_divBlockBox" class="blockBox footerLinks"> <div id="ph_footer2_0_divBody" class="summary"> <ul class="copyrightNew"> <li>漏2013 1105 Media, Inc.</li></ul> <ul class="siteMapLinks"> <li><a href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/list/policy.aspx">Policy</a></li> <li><a href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/list/management.aspx">Management</a></li> <li><a href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/list/people.aspx">Who & Where</a></li> <li><a href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/list/the-hill.aspx">The Hill</a></li> <li><a href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/list/agencies.aspx">Agencies</a></li> <li><a href="https://web.archive.org/web/20130910030443/http://fcw.com/articles/list/opinion.aspx">Opinion</a></li> <li><a href="https://web.archive.org/web/20130910030443/http://fcw.com/pages/resources.aspx">Resources</a></li></ul> <ul class="companyLinks"> <li><a href="https://web.archive.org/web/20130910030443/http://fcw.com/home.aspx?m=1" target="_blank">Mobile site</a></li> <li><a href="https://web.archive.org/web/20130910030443/https://itunes.apple.com/us/app/fcw-magazine/id579012642">FCW App</a></li> <li><a href="https://web.archive.org/web/20130910030443/http://digital.fcw.com/" target="_blank">Digital Edition</a></li></ul> <ul class="companyLinks"> <li><a href="https://web.archive.org/web/20130910030443/http://fcw.com/pages/about.aspx">About Us</a></li> <li><a href="https://web.archive.org/web/20130910030443/http://fcw.com/pages/contact.aspx">Contact Us</a></li> <li><a href="https://web.archive.org/web/20130910030443/http://1105govinfo.com/pages/brands/fcw/overview.aspx" target="_blank">Advertise</a></li> <li><a href="https://web.archive.org/web/20130910030443/http://www.1105reprints.com/" target="_blank">Reprints</a></li> <li><a href="https://web.archive.org/web/20130910030443/http://1105-sub.halldata.com/FWnew&PK=FWEBTS" target="_blank">Subscribe</a></li> <li><a href="https://web.archive.org/web/20130910030443/http://1105media.com/terms.html" target="_blank">Terms of Use</a></li> <li><a href="https://web.archive.org/web/20130910030443/http://www.1105media.com/privacy.aspx" target="_blank">Privacy Policy</a></li></ul></div> </div><div id="ph_footer2_1_divBlockBox" class="blockBox footerLegal"> <div id="ph_footer2_1_divBody" class="summary"> <img src="/web/20130910030443im_/http://fcw.com/design/gig/fcw/2012/img/1105-logo.png" alt="1105 Government Information Group"> <br> 8609 Westwood Center Drive, Suite 500<br> Vienna, VA 22182-2215<br> 703-876-5100</div> </div> <div id="Copyright_copyright" class="copyright"> <p><a href="https://web.archive.org/web/20130910030443/http://www.1105govinfo.com/" target="_blank"><img border="0" alt="1105 Government Information Group Logo" src="/web/20130910030443im_/http://fcw.com/Articles/2013/09/06/~/media/GIG/GIG%20Logos/1105logo_website.ashx" width="136" height="26"> </a><br><br>8609 Westwood Center Drive, Suite 500<br>Vienna, VA 22182-2215 <br>703-876-5100<br> <p>漏 1996-2013 1105 Media, Inc. All Rights Reserved. This copy is for your personal, non-commercial use only.<br>To order presentation-ready copies for distribution to colleagues, clients or customers, visit: <a href="https://web.archive.org/web/20130910030443/http://www.1105reprints.com/">www.1105Reprints.com<p></a></p></p> </div> </div> </div> </div> <script type="text/javascript"> //<![CDATA[ Sys.Application.initialize(); //]]> </script> </form> </body> </html>

CINXE.COM

What NSA's influence on NIST standards means for feds -- FCW