Cryptographic Standards and Guidelines Development Process

<!DOCTYPE html> <html lang="en-us" xml:lang="en-us"> <head> <meta charset="utf-8" /> <title>Cryptographic Standards and Guidelines Development Process | CSRC</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <meta http-equiv="content-style-type" content="text/css" /> <meta http-equiv="content-script-type" content="text/javascript" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="msapplication-config" content="/CSRC/Media/images/favicons/browserconfig.xml" /> <meta name="theme-color" content="#000000" /> <meta name="google-site-verification" content="xbrnrVYDgLD-Bd64xHLCt4XsPXzUhQ-4lGMj4TdUUTA" /> <meta name="description" content="In 2021, the Computer Security Division launched the Crypto Publication Review Project to identify publications for review based on their original publishing date and any relevant issues raised since then. Please visit the project page to view current..." />  <meta name="dcterms.title" content="Cryptographic Standards and Guidelines Development Process | CSRC | CSRC" /> <meta name="dcterms.description" content="In 2021, the Computer Security Division launched the Crypto Publication Review Project to identify publications for review based on their original publishing date and any relevant issues raised since then. Please visit the project page to view current..." /> <meta name="dcterms.creator" content="Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, U.S. Department of Commerce" /> <meta name="dcterms.date.created" scheme="ISO8601" content="2016-05-24" /> <meta name="dcterms.date.reviewed" scheme="ISO8601" content="2024-08-16" /> <meta name="dcterms.language" scheme="DCTERMS.RFC1766" content="EN-US" />  <meta name="og:site_name" content="CSRC | NIST" /> <meta name="og:type" content="article" /> <meta name="og:url" content="https://csrc.nist.gov/Projects/crypto-standards-development-process" /> <meta name="og:title" content="Cryptographic Standards and Guidelines Development Process | CSRC | CSRC" /> <meta name="og:description" content="In 2021, the Computer Security Division launched the Crypto Publication Review Project to identify publications for review based on their original publishing date and any relevant issues raised since then. Please visit the project page to view current publications under review and completed reviews. Background In 2013, news reports about leaked classified documents caused concern from the cryptographic community about the security of NIST cryptographic standards and guidelines. NIST is also deeply concerned by these reports, some of which have questioned the integrity of the NIST standards development process. NIST has a proud history in open cryptographic standards, beginning in the 1970s with the Data Encryption Standard. We strive for a consistently open and transparent process that enlists the worldwide cryptography community to help us develop and vet algorithms included in our cryptographic guidance. NIST endeavors to promote confidence in our cryptographic guidance through these inclusive and..." /> <meta name="article:tag" content="cryptography; standards development" /> <meta name="article:published_time" content="2016-05-24" /> <meta name="article:modified_time" content="2024-08-16" /> <link rel="apple-touch-icon" sizes="180x180" href="/images/icons/apple-touch-icon.png" /> <link rel="icon" type="image/png" href="/images/icons/favicon-32x32.png" sizes="32x32" /> <link rel="icon" type="image/png" href="/images/icons/favicon-16x16.png" sizes="16x16" /> <link rel="manifest" href="/images/icons/manifest.json" /> <link rel="mask-icon" href="/images/icons/safari-pinned-tab.svg" color="#000000" /> <link href="/CSRC/Media/images/favicons/favicon.ico" type="image/x-icon" rel="shortcut icon" /> <link href="/CSRC/Media/images/favicons/favicon.ico" type="image/x-icon" rel="icon" /> <link href="/dist/app.css" rel="stylesheet" />  <link href="/dist/highlight-js/github.css" rel="stylesheet" />  <link href="/dist/uswds/css/uswds.css" type="text/css" rel="stylesheet" /> <script type="text/javascript" src="/dist/uswds/js/uswds-init.min.js"></script>  <style> .grecaptcha-badge { visibility: hidden; } </style> <script async type="text/javascript" id="_fed_an_ua_tag" src="https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=nist&subagency=csrc&pua=UA-66610693-15&yt=true&exts=xsd,xml,wav,mpg,mpeg,avi,rtf,webm,ogg,ogv,oga,map,otf,eot,svg,ttf,woff"></script> <style id="antiClickjackCss"> body > * { display: none !important; } #antiClickjack { display: block !important; } </style> <noscript> <style id="antiClickjackNoScript"> body > * { display: block !important; } #antiClickjack { display: none !important; } </style> </noscript> <script type="text/javascript" id="antiClickjackScript"> if (self === top) { // no clickjacking var antiClickjack = document.getElementById("antiClickjackCss"); antiClickjack.parentNode.removeChild(antiClickjack); } else { setTimeout(tryForward(), 5000); } function tryForward() { top.location = self.location; } </script>  <script async src="https://www.googletagmanager.com/gtag/js?id=G-TSQ0PLGJZP"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-TSQ0PLGJZP'); </script>  <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-MZQC4NCJ');</script>  </head> <body>  <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-MZQC4NCJ" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>  <div id="antiClickjack" style="display: none;"> <strong style="font-size: 1.6rem;">You are viewing this page in an unauthorized frame window.</strong> <p>This is a potential security issue, you are being redirected to <a href="https://csrc.nist.gov">https://csrc.nist.gov</a>.</p> </div> <section class="usa-banner" aria-label="Official website of the United States government"> <div class="usa-accordion"> <header class="usa-banner__header"> <noscript> <p style="font-size: 0.85rem; font-weight: bold;">You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.</p> </noscript> <div class="usa-banner__inner"> <div class="grid-col-auto"> <img aria-hidden="true" class="usa-banner__header-flag" src="/dist/uswds/img/us_flag_small.png" alt=""/> </div> <div class="grid-col-fill tablet:grid-col-auto" aria-hidden="true"> <p class="usa-banner__header-text"> An official website of the United States government </p> <p class="usa-banner__header-action">Here’s how you know</p> </div> <button type="button" class="usa-accordion__button usa-banner__button" aria-expanded="false" aria-controls="gov-banner-default"> <span class="usa-banner__button-text">Here’s how you know</span> </button> </div> </header> <div class="usa-banner__content usa-accordion__content" id="gov-banner-default"> <div class="grid-row grid-gap-lg"> <div class="usa-banner__guidance tablet:grid-col-6"> <img class="usa-banner__icon usa-media-block__img" src="/dist/uswds/img/icon-dot-gov.svg" role="img" alt="" aria-hidden="true"/> <div class="usa-media-block__body"> <p> <strong>Official websites use .gov</strong><br/>A <strong>.gov</strong> website belongs to an official government organization in the United States. </p> </div> </div> <div class="usa-banner__guidance tablet:grid-col-6"> <img class="usa-banner__icon usa-media-block__img" src="/dist/uswds/img/icon-https.svg" role="img" alt="" aria-hidden="true"/> <div class="usa-media-block__body"> <p> <strong>Secure .gov websites use HTTPS</strong><br/>A <strong>lock</strong> ( <span class="icon-lock"> <svg xmlns="http://www.w3.org/2000/svg" width="52" height="64" viewBox="0 0 52 64" class="usa-banner__lock-image" role="img" aria-labelledby="banner-lock-description-default" focusable="false"> <title id="banner-lock-title-default">Lock</title> <desc id="banner-lock-description-default">Locked padlock icon</desc> <path fill="#000000" fill-rule="evenodd" d="M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z"/> </svg> </span >) or <strong>https://</strong> means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites. </p> </div> </div> </div> </div> </div> </section> <nav id="navbar" class="navbar"> <div id="nist-menu-container" class="container"> <div class="row">  <div class="col-xs-6 col-md-4 navbar-header"> <a class="navbar-brand" href="https://www.nist.gov" target="_blank" id="navbar-brand-image"> <img src="/CSRC/media/images/svg/nist-logo.svg" alt="National Institute of Standards and Technology" width="110" height="30"> </a> </div> <div class="col-xs-6 col-md-8 navbar-nist-logo"> <div class="form-inline hidden-sm hidden-xs"> <form name="site-search" id="site-search-form" action="/search" method="GET"> <label for="search-csrc-query" class="element-invisible">Search</label> <input autocomplete="off" class="form-control" id="search-csrc-query" name="keywords" type="text" size="15" maxlength="128" placeholder="Search CSRC" /> <input type="hidden" name="ipp" value="25" /> <input type="hidden" name="sortBy" value="relevance" /> <input type="hidden" name="showOnly" value="publications,projects,news,events,presentations,glossary,topics" /> <input type="hidden" name="topicsMatch" value="ANY" /> <input type="hidden" name="status" value="Final,Draft" /> <button type="submit" id="search-csrc-submit-btn" class="form-submit"> <span class="element-invisible">Search</span> <i class="fa fa-search"></i> </button> </form> </div> <span id="nvd-menu-button" class="pull-right"> <a href="#" id="nvd-menu-button-link"> <span class="fa fa-bars"></span> <span id="nvd-menu-full-text">CSRC MENU</span> </a> </span> </div> </div> </div> <div class="form-inline hidden-md hidden-lg"> <form name="site-search-mobile" id="site-search-form-mobile" action="/search" method="GET"> <label for="search-csrc-query-mobile" class="element-invisible">Search</label> <input autocomplete="off" class="form-control" id="search-csrc-query-mobile" name="keywords" type="text" size="15" maxlength="128" placeholder="Search CSRC" /> <button type="submit" id="search-csrc-submit-btn-mobile" class="form-submit"> <span class="element-invisible">Search</span> <i class="fa fa-search"></i> </button> </form> </div> <div class="main-menu-row container">  <div id="main-menu-drop" class="col-lg-12" style="display: none;"> <ul> <li><a href="/projects">Projects</a></li> <li> <a href="/publications"> Publications <span class="expander fa fa-plus" id="main-menu-pubs-expander" data-expander-name="publications" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="publications" id="main-menu-pubs-expanded"> <div class="row"> <div class="col-lg-4"> <p><a href="/publications/drafts-open-for-comment">Drafts for Public Comment</a></p> <p><a href="/publications/draft-pubs">All Public Drafts</a></p> <p><a href="/publications/final-pubs">Final Pubs</a></p> <p><a href="/publications/fips">FIPS <small>(standards)</small></a></p> </div> <div class="col-lg-4"> <p><a href="/publications/sp">Special Publications (SP<small>s</small>)</a></p> <p><a href="/publications/ir">IR <small>(interagency/internal reports)</small></a></p> <p><a href="/publications/cswp">CSWP <small>(cybersecurity white papers)</small></a></p> <p><a href="/publications/itl-bulletin">ITL Bulletins</a></p> </div> <div class="col-lg-4"> <p><a href="/publications/project-description">Project Descriptions</a></p> <p><a href="/publications/journal-article">Journal Articles</a></p> <p><a href="/publications/conference-paper">Conference Papers</a></p> <p><a href="/publications/book">Books</a></p> </div> </div> </div> </li> <li> <a href="/topics"> Topics <span class="expander fa fa-plus" id="main-menu-topics-expander" data-expander-name="topics" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="topics" id="main-menu-topics-expanded"> <div class="row"> <div class="col-lg-4"> <p><a href="/Topics/Security-and-Privacy">Security & Privacy</a></p> <p><a href="/Topics/Applications">Applications</a></p> </div> <div class="col-lg-4"> <p><a href="/Topics/Technologies">Technologies</a></p> <p><a href="/Topics/Sectors">Sectors</a></p> </div> <div class="col-lg-4"> <p><a href="/Topics/Laws-and-Regulations">Laws & Regulations</a></p> <p><a href="/Topics/Activities-and-Products">Activities & Products</a></p> </div> </div> </div> </li> <li><a href="/news">News & Updates</a></li> <li><a href="/events">Events</a></li> <li><a href="/glossary">Glossary</a></li> <li> <a href="/about"> About CSRC <span class="expander fa fa-plus" id="main-menu-about-expander" data-expander-name="about" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="about" id="main-menu-about-expanded"> <div class="row"> <div class="col-lg-6"> <p> <strong><a href="/Groups/Computer-Security-Division">Computer Security Division</a></strong><br /> <ul> <li><a href="/Groups/Computer-Security-Division/Cryptographic-Technology">Cryptographic Technology</a></li> <li><a href="/Groups/Computer-Security-Division/Secure-Systems-and-Applications">Secure Systems and Applications</a></li> <li><a href="/Groups/Computer-Security-Division/Security-Components-and-Mechanisms">Security Components and Mechanisms</a></li> <li><a href="/Groups/Computer-Security-Division/Security-Engineering-and-Risk-Management">Security Engineering and Risk Management</a></li> <li><a href="/Groups/Computer-Security-Division/Security-Testing-Validation-and-Measurement">Security Testing, Validation, and Measurement</a></li> </ul> </p> </div> <div class="col-lg-6"> <p> <strong><a href="/Groups/Applied-Cybersecurity-Division">Applied Cybersecurity Division</a></strong><br /> <ul> <li><a href="/Groups/Applied-Cybersecurity-Division/Cybersecurity-and-Privacy-Applications">Cybersecurity and Privacy Applications</a></li> <li><a href="/Groups/Applied-Cybersecurity-Division/National-Cybersecurity-Center-of-Excellence">National Cybersecurity Center of Excellence (NCCoE)</a></li> <li><a href="https://www.nist.gov/nice/">National Initiative for Cybersecurity Education (NICE)</a></li> </ul> </p> <p> <a href="/contact"> Contact Us </a> </p> </div> </div> </div> </li> </ul> </div> </div> </nav> <section id="itl-header" class="has-menu"> <div class="container"> <div class="row"> <div class="col-sm-12 col-md-8"> <div class="hidden-xs hidden-sm" id="itl-header-lg"> <a href="https://www.nist.gov/itl" target="_blank" id="itl-header-link">Information Technology Laboratory</a> </div> <div class="hidden-xs hidden-sm" id="csrc-header-lg"> <a href="/" id="csrc-header-link-lg">Computer Security Resource Center</a> </div> </div> <div class="col-sm-12 col-md-4"> <div class="hidden-xs hidden-sm hidden-md"> <a id="logo-csrc-lg" href="/"><img id="img-logo-csrc-lg" src="/CSRC/Media/images/nist-logo-csrc-white.svg" alt="CSRC Logo" class="csrc-header-logo"></a> </div> <div class="hidden-lg"> <a id="logo-csrc-sm" href="/"><img id="img-logo-csrc-sm" src="/CSRC/Media/images/nist-logo-csrc-white.svg" alt="CSRC Logo" class="csrc-header-logo"></a> </div> </div> </div> </div> </section> <div id="body-section" class="container"> <div class="breadcrumb"> <a href="/projects" class="breadcrumb-link">Projects</a> </div> <h1 id="projectName">Cryptographic Standards and Guidelines Development Process</h1> <div class="page-social-buttons" id="news-social-buttons"> <a href="https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcsrc.nist.gov%2Fprojects%2Fcrypto-standards-development-process" class="social-facebook"><i class="fa fa-facebook fa-fw" aria-hidden="true"></i><span class="sr-only">Share to Facebook</span></a> <a href="https://twitter.com/share?url=https%3A%2F%2Fcsrc.nist.gov%2Fprojects%2Fcrypto-standards-development-process" class="social-twitter"><i class="fa fa-twitter fa-fw" aria-hidden="true"></i><span class="sr-only">Share to Twitter</span></a> <a href="https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fcsrc.nist.gov%2Fprojects%2Fcrypto-standards-development-process&source=csrc.nist.gov" class="social-linked-in"><i class="fa fa-linkedin fa-fw" aria-hidden="true"></i><span class="sr-only">Share to LinkedIn</span></a> <a href="mailto:?subject=csrc.nist.gov&body=Check out this site https://csrc.nist.gov/Projects/crypto-standards-development-process" class="social-email"><i class="fa fa-envelope fa-fw" aria-hidden="true"></i><span class="sr-only">Share ia Email</span></a> </div> <div class="row visible-sm visible-xs visible-md"> <div class="col-sm-12"> <div class="bs-callout bs-callout-subnav" id="projectLinksContainer-sm"> <h4><i class="fa fa-link"></i> Project Links</h4> <div class="project-icons-container"> <span> <a href="/projects/crypto-standards-development-process" id="NavOverviewLink-sm"> <i class="fa fa-info-circle"></i> Overview </a> </span> <span> <a href="/Projects/crypto-standards-development-process/news" id="NavNewsLink-sm" data-count="5"> <i class="fa fa-newspaper-o"></i> News & Updates </a> </span> <span> <a href="/Projects/crypto-standards-development-process/publications" id="NavPubsLink-sm" data-count="1"> <i class="fa fa-file-text"></i> Publications </a> </span> </div> </div> </div> </div> <div class="row"> <div class="col-lg-8 col-sm-12"> <h3>Overview</h3> <div id="overview"> <p>In 2021, the Computer Security Division launched the <a data-csrc-link="true" data-node-guid="74deef64-c1c3-44cc-b3d2-86c7faf59c96" href="/projects/crypto-publication-review-project">Crypto Publication Review Project</a> to identify publications for review based on their original publishing date and any relevant issues raised since then. Please visit the project page to view current publications under review and completed reviews.</p> <h4><strong>Background</strong></h4> <p>In 2013, news reports about leaked classified documents caused concern from the cryptographic community about the security of NIST cryptographic standards and guidelines. NIST is also deeply concerned by these reports, some of which have questioned the integrity of the NIST standards development process.</p> <p>NIST has a proud history in open cryptographic standards, beginning in the 1970s with the Data Encryption Standard. We strive for a consistently open and transparent process that enlists the worldwide cryptography community to help us develop and vet algorithms included in our cryptographic guidance. NIST endeavors to promote confidence in our cryptographic guidance through these inclusive and transparent development processes, which we believe are the best in use.</p> <p>Trust is crucial to the adoption of strong cryptographic algorithms.  To ensure that our guidance has been developed according the highest standard of inclusiveness, transparency and security, NIST initiated a formal review of our standards development efforts.  We documented our goals and objectives, principles of operation, processes for identifying cryptographic algorithms for standardization, methods for reviewing and resolving public comments, and other important procedures necessary for a rigorous process.  NIST solicited public input on this process through two public comment periods in February 2014 and January 2015.  Revised processes and procedures were finalized in March 2016 as <a data-csrc-pub-link="true" data-pub-guid="3f5e4f41-0ef8-4ef7-80cc-b7770925b8ae" href="/pubs/ir/7977/final">NISTIR 7977</a>.</p> <p>At the request of the NIST Director, the Visiting Committee on Advanced Technology (VCAT) conducted a review of NIST's cryptographic standards and guidelines development process. The VCAT convened a blue ribbon panel of experts called the <a href="https://www.nist.gov/news-events/news/2014/05/independent-committee-begins-review-nists-cryptographic-material-and">Committee of Visitors</a> (COV) and asked each expert to review the process and provide individual reports of their conclusions and recommendations. The <a data-csrc-link="true" data-node-guid="8d8d2ee6-3b9e-4ce3-b5fc-6229fe1539db" href="/news/2014/vcat-recommendations-for-the-nist-cryptographic-st">VCAT issued their report in July 2014</a>, and their recommendations were incorporated in the process and procedures documented in NISTIR 7977.</p> <p>Our mission is to protect the nation’s IT infrastructure and information through strong cryptography.  We cannot carry out that mission without the trust and assistance of the world’s cryptographic experts. We’re committed to continually earning that trust.</p> <p> </p> <h4>Development of NISTIR 7977, <em>NIST Cryptographic Standards and Guidelines Development Process</em></h4> <div aria-multiselectable="true" class="panel-group" id="collapse1723817923030" role="tablist"> <div class="panel panel-default"> <div class="panel-heading" id="heading1723817923030_1" role="tab"> <div class="panel-title"><a aria-controls="collapse1723817923030_1" aria-expanded="false" class="collapsed" data-parent="#collapse1723817923030" data-target="#collapse1723817923030_1" data-toggle="collapse" href="javascript:void(0)">NIST Announces Release of NISTIR 7977 (March 31, 2016) </a></div> </div> <div aria-labelledby="heading1723817923030_1" class="collapse in panel-collapse" id="collapse1723817923030_1" role="tabpanel"> <div class="panel-body"> <p><em><strong>March 31, 2016 </strong></em></p> <p>NIST announces the release of <a href="/publications/detail/nistir/7977/final">NIST Interagency Report (NISTIR) 7977, <em>Cryptographic Standards and Guidelines Development Process</em></a>. This document describes the principles, processes and procedures behind our cryptographic standards development efforts.</p> <p><strong>Background:</strong><br> This document is the result of a NIST-initiated review of its cryptographic standards development process in response to public concerns about the security of NIST cryptographic standards and guidelines. The first draft of NIST IR 7977 was released in February 2014 for public comment. This draft was revised based on the public comments received, as well as the <a href="https://www.nist.gov/itl/nist-cryptographic-standards-and-guidelines-development-process">recommendations from an independent review committee</a> convened by NIST’s Visiting Committee on Advanced Technology (VCAT). A second draft of NIST IR 7977 which incorporated those revisions was released for public comment in January 2015.</p> <ul> <li><a href="/CSRC/media/Publications/nistir/7977/final/documents/public-comments-nistir7977-second-round-mar2015.pdf">Comments Received on Second Public Draft NISTIR 7977</a> (January 2015)</li> <li><a href="/CSRC/media/Projects/Crypto-Standards-Development-Process/documents/summary-of-comments_NISTIR7977-Jan-2015.pdf">Summary of Public Comments and Responses on the Second Public Draft of NIST IR 7977</a> (January 2015)</li> </ul> <p>NISTIR 7977 will serve as the basis to guide NIST’s future cryptographic standards and guidelines activities. It will be reviewed and updated every five years, or more frequently if a need arises, to help ensure that NIST fulfills its role and responsibilities for producing robust, effective cryptographic standards and guidelines.</p> <p>The NIST Public Affairs Office posted a <a href="https://www.nist.gov/news-events/news/2016/03/nist-releases-new-document-its-cryptographic-standards-and-guidelines">press release</a> on the final publication of NISTIR 7977.</p> </div> </div> </div> <div class="panel panel-default"> <div class="panel-heading" id="heading1723817923030_2" role="tab"> <div class="panel-title"><a aria-controls="collapse1723817923030_2" aria-expanded="false" class="collapsed" data-parent="#collapse1723817923030" data-target="#collapse1723817923030_2" data-toggle="collapse" href="javascript:void(0)">NIST Requests Comments on Revised NISTIR 7977 (January 23, 2015) </a></div> </div> <div aria-labelledby="heading1723817923030_2" class="collapse panel-collapse" id="collapse1723817923030_2" role="tabpanel"> <div class="panel-body"> <p><em><strong>January 23, 2015</strong></em></p> <p><strong>Summary</strong>:<br> NIST requests comments on a revised draft (second public draft) report on <a href="/CSRC/media/Publications/nistir/7977/final/documents/nistir_7977_second_draft.pdf">NISTIR 7977, <em>NIST Cryptographic Standards and Guidelines Development Proces</em>s</a>. This revised document describes the principles, processes and procedures behind our cryptographic standards development efforts. Please send comments to crypto-review@nist.gov by March 27, 2015.</p> <ul> <li><a href="/CSRC/media/Publications/nistir/7977/final/documents/public-comments-nistir7977-second-round-mar2015.pdf">Comments Received on Second Public Draft NISTIR 7977</a> (January 2015)</li> </ul> <p><strong>Background: </strong><br> This draft results from a NIST-initiated review of its cryptographic standards development process in response to public concerns about the security of NIST cryptographic standards and guidelines.</p> <p>It reflects NIST’s response to comments received on a February 2014 draft.</p> <ul> <li><a href="/CSRC/media/Publications/nistir/7977/final/documents/public-comments-nistir7977.pdf">Comments Received on First Public Draft NISTIR 7977 </a>(February 2014)</li> <li><a href="/CSRC/media/Projects/Crypto-Standards-Development-Process/documents/summary-comments_nistir-7977_feb14_first-draft.pdf">Summary of Public Comments and Responses to the First Public Draft</a> (February 2014)</li> </ul> <p>We solicited public comments on this revised draft to obtain further feedback on the principles and mechanisms we use to engage stakeholders and experts in industry, academia and government to develop these standards. The NIST Public Affairs Office posted a <a href="https://www.nist.gov/news-events/news/2015/01/nist-requests-round-two-comments-its-cryptographic-standards-process">press release</a> on the revised draft.</p> <p><strong>Note to Reviewers:</strong><br> NIST requests comments especially on the following:</p> <ul> <li>Do the expanded and revised principles state appropriate drivers and conditions for NIST’s efforts related to cryptographic standards and guidelines?</li> <li>Do the revised processes for engaging the cryptographic community provide the necessary inclusivity, transparency and balance to develop strong, trustworthy standards? Are they worded clearly and appropriately? Are there other processes that NIST should consider?</li> <li>Do these processes include appropriate mechanisms to ensure that proposed standards and guidelines are reviewed thoroughly and that the views of interested parties are provided to and considered by NIST? Are there other mechanisms NIST should consider?</li> <li>Are there other channels or mechanisms that NIST should consider in order to communicate most effectively with its stakeholders?</li> </ul> </div> </div> </div> <div class="panel panel-default"> <div class="panel-heading" id="heading1723817923030_3" role="tab"> <div class="panel-title"><a aria-controls="collapse1723817923030_3" aria-expanded="false" class="collapsed" data-parent="#collapse1723817923030" data-target="#collapse1723817923030_3" data-toggle="collapse" href="javascript:void(0)">NIST Requests Comments on Draft NISTIR 7977 (February 18, 2014) </a></div> </div> <div aria-labelledby="heading1723817923030_3" class="collapse panel-collapse" id="collapse1723817923030_3" role="tabpanel"> <div class="panel-body"> <p><em><strong>February 18, 2014</strong></em></p> <p><strong><a id="first-draft-7977-info" name="first-draft-7977-info"></a>Summary: </strong><br> NIST requests comments on <a href="/CSRC/media/Publications/nistir/7977/final/documents/nistir_7977_draft.pdf">FIRST Draft NIST Interagency Report 7977, <em>NIST Cryptographic Standards and Guidelines Development Process</em></a><a href="/publications/detail/nistir/7977/final">.</a> This document describes the principles, processes and procedures behind our cryptographic standards development efforts. Please send questions to crypto-review@nist.gov.</p> <ul> <li><a href="/CSRC/media/Publications/nistir/7977/final/documents/public-comments-nistir7977.pdf">Comments Received on FIRST Draft NISTIR 7977</a> (FEB. 2014)</li> </ul> <p><strong>Background: </strong><br> In November 2013, NIST initiated a review of its cryptographic standards development process in response to public concerns about the security of NIST cryptographic standards and guidelines.</p> <p>To enable this review, we have compiled information about the principles, processes and procedures that drive our cryptographic standards development efforts to help the public understand how we develop our standards. This information is being published in draft NISTIR 7977, <em>NIST Cryptographic Standards and Guidelines Development Process</em>. We are soliciting public comments on this draft NIST IR to obtain feedback on the mechanisms we use to engage experts in industry, academia and government to develop these standards.</p> <p>The revised NISTIR 7977 will also serve as the basis for a review of our existing body of cryptographic work. We will examine the procedures used to develop each of our cryptographic standards or guidelines to ensure they were developed in accordance with the principles outlined in NISTIR 7977. If any current guidance does not meet the high standards set out in this process, we will address these issues as quickly as possible, taking into consideration the process used to develop the guidance and a technical review of the affected cryptographic algorithms or schemes.</p> <p><strong>Note to Reviewers: </strong><br> As part of your review of NISTIR 7977, we request comments on the following topics:</p> <ul> <li>Are there other principles that we should use to drive our standards development efforts?</li> <li>What are the most effective processes identified in the draft for engaging the cryptographic community for providing the necessary inclusivity and transparency to develop strong, trustworthy standards? Are there other processes we should consider?</li> <li>Do these processes include appropriate mechanisms to ensure proposed standards are thoroughly reviewed and interested parties’ views are heard? Are there other mechanisms that should be included in our process?</li> <li>What are other communication channels that NIST should consider to effectively communicate with its stakeholders?</li> </ul> </div> </div> </div> </div> <p> </p> </div> </div> <div class="col-lg-4 hidden-xs hidden-sm hidden-md"> <div class="project-nav-container"> <div class="bs-callout bs-callout-subnav" id="projectLinksContainer-lg"> <h4><i class="fa fa-link"></i> Project Links</h4> <div class="project-icons-container"> <span> <a href="/projects/crypto-standards-development-process" id="SideNavOverviewLink"> <i class="fa fa-info-circle"></i> Overview </a> </span> <span> <a href="/Projects/crypto-standards-development-process/news" id="SideNavNewsLink" data-count="5"> <i class="fa fa-newspaper-o"></i> News & Updates </a> </span> <span> <a href="/Projects/crypto-standards-development-process/publications" id="SideNavPubsLink" data-count="1"> <i class="fa fa-file-text"></i> Publications </a> </span> </div> <h4>Additional Pages</h4> <div id="projectPagesCallout-lg"> <a class="csrc-add-page" data-node-level="0" data-node-order="1" href="/Projects/crypto-standards-development-process/NIST-Briefs-Committee-of-Visitors" id="projPage0" style="border-left: solid 0rem transparent;">NIST Briefs Committee of Visitors</a> </div> </div> </div> <div class="bs-callout bs-callout-success" id="contactsCallout-lg"> <h4><i class="fa fa-user"></i> Contacts</h4> <p id="projContact0"><span class='contact-display'><strong data-field='full-name'> <span data-field='lastname'>Inquiries</span> </strong><br/><a href='mailto:crypto@nist.gov' data-field='email'>crypto@nist.gov</a><br/></span></p> <p id="projContact1"><span class='contact-display'><strong data-field='full-name'> <span data-field='firstname'>Andrew</span> <span data-field='lastname'>Regenscheid</span> </strong><br/></span></p> </div> <div class="bs-callout bs-callout-danger" id="owningGroupCallout-lg"> <h4><i class="fa fa-sitemap"></i> Group</h4> <a href="/Groups/Computer-Security-Division/Cryptographic-Technology">Cryptographic Technology</a> </div> <div class="bs-callout bs-callout-danger" id="topicsCallout-lg"> <h4><i class="fa fa-tag"></i> Topics</h4> <p> <strong id="catName0-lg">Security and Privacy:</strong> <a id="catTopLink0-0-lg" href="/Topics/Security-and-Privacy/cryptography">cryptography</a> </p> <p> <strong id="catName1-lg">Activities and Products:</strong> <a id="catTopLink1-0-lg" href="/Topics/Activities-and-Products/standards-development">standards development</a> </p> </div> <div class="bs-callout bs-callout-warning" id="relatedProjectsCallout-lg"> <h4>Related Projects</h4> <a href="/Projects/crypto-publication-review-project" id="relProjLink0">Crypto Publication Review Project</a><br/> <a href="/Projects/cryptographic-standards-and-guidelines" id="relProjLink1">Cryptographic Standards and Guidelines</a><br/> <a href="/Projects/random-bit-generation" id="relProjLink2">Random Bit Generation</a><br/> </div> </div> </div> <div class="row visible-sm visible-xs visible-md"> <div class="col-sm-12"> <div class="bs-callout bs-callout-subnav" id="projectPagesCallout-sm"> <h4>Additional Pages</h4> <p> <a class="csrc-add-page" data-node-level="0" data-node-order="1" href="/Projects/crypto-standards-development-process/NIST-Briefs-Committee-of-Visitors" id="projPage0-sm" style="border-left: solid 0rem transparent;">NIST Briefs Committee of Visitors</a> </p> </div> <div class="bs-callout bs-callout-subnav" id="contactsCallout-sm"> <h4><i class="fa fa-user"></i> Contacts</h4> <p style="padding-left: 15px;"> <span id="projContact0-sm"><span class='contact-display'><strong data-field='full-name'> <span data-field='lastname'>Inquiries</span> </strong><br/><a href='mailto:crypto@nist.gov' data-field='email'>crypto@nist.gov</a><br/></span></span><br/> <span id="projContact1-sm"><span class='contact-display'><strong data-field='full-name'> <span data-field='firstname'>Andrew</span> <span data-field='lastname'>Regenscheid</span> </strong><br/></span></span><br/> </p> </div> <div class="bs-callout bs-callout-danger" id="owningGroupCallout-sm"> <h4><i class="fa fa-sitemap"></i> Group</h4> <a href="/Groups/Computer-Security-Division/Cryptographic-Technology">Cryptographic Technology</a> </div> <div class="bs-callout bs-callout-danger" id="topicsCallout-sm"> <h4><i class="fa fa-tag"></i> Topics</h4> <p> <strong id="catName0-sm">Security and Privacy:</strong> <a id="catTopLink0-0-sm" href="/Topics/Security-and-Privacy/cryptography">cryptography</a> </p> <p> <strong id="catName1-sm">Activities and Products:</strong> <a id="catTopLink1-0-sm" href="/Topics/Activities-and-Products/standards-development">standards development</a> </p> </div> <div class="bs-callout bs-callout-warning" id="relatedProjectsCallout-sm"> <h4>Related Projects</h4> <p> <a href="/Projects/crypto-publication-review-project" id="relProjLink0-sm">Crypto Publication Review Project</a><br/> <a href="/Projects/cryptographic-standards-and-guidelines" id="relProjLink1-sm">Cryptographic Standards and Guidelines</a><br/> <a href="/Projects/random-bit-generation" id="relProjLink2-sm">Random Bit Generation</a><br/> </p> </div> </div> </div> <div class="row"> <div class="col-md-12 historical-data-area" id="historical-data-area"> <span>Created <span id="page-created-date">May 24, 2016</span>, Updated <span id="page-updated-date">August 16, 2024</span></span> </div> </div> <div id="footer-pusher"></div> </div> <footer id="footer"> <div class="container"> <div class="row"> <div class="col-sm-6"> <span class="hidden-xs"> <a href="https://www.nist.gov" title="National Institute of Standards and Technology" rel="home" target="_blank" class="footer-nist-logo" id="footer-nist-logo-link"> <img src="/CSRC/Media/images/nist-logo-brand-white.svg" alt="National Institute of Standards and Technology logo" id="footer-nist-logo" /> </a> </span> <div class="row footer-contact-container"> <div class="col-sm-12" id="footer-address"> <strong>HEADQUARTERS</strong><br> 100 Bureau Drive<br> Gaithersburg, MD 20899 </div> </div> </div> <div class="col-sm-6"> <ul class="social-list text-right" style="display: block;"> <li class="field-item service-twitter list-horiz"> <a href="https://twitter.com/NISTCyber" class="social-btn social-btn--large extlink ext" id="footer-social-twitter-link"> <i class="fa fa-twitter fa-fw"><span class="element-invisible">twitter</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-facebook list-horiz"> <a href="https://www.facebook.com/NIST" class="social-btn social-btn--large extlink ext" id="footer-social-facebook-link"> <i class="fa fa-facebook fa-fw"><span class="element-invisible">facebook</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-linkedin list-horiz"> <a href="https://www.linkedin.com/company/nist" class="social-btn social-btn--large extlink ext" id="footer-social-linkedin-link"> <i class="fa fa-linkedin fa-fw"><span class="element-invisible">linkedin</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-instagram list-horiz"> <a href="https://www.instagram.com/usnistgov/" class="social-btn social-btn--large extlink ext" id="footer-social-instagram-link"> <i class="fa fa-instagram fa-fw"><span class="element-invisible">instagram</span></i> <span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-youtube list-horiz"> <a href="https://www.youtube.com/user/USNISTGOV" class="social-btn social-btn--large extlink ext" id="footer-social-youtube-link"> <i class="fa fa-youtube fa-fw"><span class="element-invisible">youtube</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> <li class="field-item service-rss list-horiz"> <a href="https://www.nist.gov/news-events/nist-rss-feeds" class="social-btn social-btn--large extlink" id="footer-social-rss-link"> <i class="fa fa-rss fa-fw"><span class="element-invisible">rss</span></i> </a> </li> <li class="field-item service-govdelivery list-horiz last"> <a href="https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3" class="social-btn social-btn--large extlink ext" title="Subscribe to CSRC and publication updates, and other NIST cybersecurity news" id="footer-social-govdelivery-link"> <i class="fa fa-envelope fa-fw"><span class="element-invisible">govdelivery</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a> </li> </ul> <p class="text-right"> Want updates about CSRC and our publications? <a href="https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3" class="btn btn-lg btn-primary" style="background-color: #12659c!important; border-color: #12659c!important;" id="footer-subscribe-link">Subscribe</a> </p> </div> </div> <div class="row hidden-sm hidden-md hidden-lg"> <div class="col-sm-12"> <a href="https://www.nist.gov" title="National Institute of Standards and Technology" rel="home" target="_blank" class="footer-nist-logo" id="footer-bottom-nist-logo-link"> <img src="/CSRC/Media/images/logo_rev.png" alt="National Institute of Standards and Technology logo" id="footer-bottom-nist-logo" /> </a> </div> </div> <div class="row"> <div class="col-sm-6"> <p> <a href="/about/contact" id="footer-contact-us-link">Contact Us</a> | <a href="https://www.nist.gov/about-nist/visit" style="display: inline-block;" id="footer-org-link">Our Other Offices</a> </p> </div> <div class="col-sm-6"> <span class="pull-right text-right"> Send inquiries to <a href="mailto:csrc-inquiry@nist.gov?subject=CSRC Inquiry" style="display: inline-block;" id="footer-inquiries-link">csrc-inquiry@nist.gov</a> </span> </div> </div> <div class="row"> <div class="footer-bottom-links-container" id="footer-bottom-links-container"> <ul> <li><a href="https://www.nist.gov/privacy-policy">Site Privacy</a></li> <li><a href="https://www.nist.gov/oism/accessibility">Accessibility</a></li> <li><a href="https://www.nist.gov/privacy">Privacy Program</a></li> <li><a href="https://www.nist.gov/oism/copyrights">Copyrights</a></li> <li><a href="https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a></li> <li><a href="https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a></li> <li><a href="https://www.nist.gov/foia">FOIA</a></li> <li><a href="https://www.nist.gov/environmental-policy-statement">Environmental Policy</a></li> <li><a href="https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a></li> <li><a href="https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a></li> <li><a href="https://www.commerce.gov/">Commerce.gov</a></li> <li><a href="https://www.science.gov/">Science.gov</a></li> <li><a href="https://www.usa.gov/">USA.gov</a></li> <li><a href="https://vote.gov/">Vote.gov</a></li> </ul> </div> </div> </div> </footer> <script type="text/javascript" src="/dist/js/quick-collapse.js"></script> <script type="text/javascript" src="/dist/app.bundle.js"></script>  <script type="text/javascript" src="/dist/uswds/js/uswds.min.js"></script> <script type="text/javascript" src="/dist/projects.bundle.js"></script> </body> </html>

CINXE.COM

Cryptographic Standards and Guidelines Development Process | CSRC