The National Institute of Standards and Technology (NIST) announced May 14 that its primary advisory committee, the Visiting Committee on Advanced Technology (VCAT), has started a review of the institute’s cryptographic standards and guidelines program.
The review was born out of several months of controversy caused by reports of efforts by the NSA to subvert crypto standards and technology in an operation known as ‘Bullrun.’ The revelations became public as a result of the fallout surrounding the leaks by Edward Snowden.
To support its review of the institute’s guidelines, the committee has formed a panel of experts to assess NIST’s existing cryptographic standards and guidelines and the process through which they have been developed. The panel members are: Vint Cerf of Google; Edward Felten of Princeton University; Steve Lipner of Microsoft Corporation; Bart Preneel of Katholieke Universiteit Leuven; Ellen Richey of Visa; Ron Rivest of the Massachusetts Institute of Technology (MIT); and Fran Schrotter of the American National Standards Institute (ANSI).
“Our mission is to protect the nation’s IT infrastructure and information by promoting strong cryptography,” said Under Secretary of Commerce for Standards and Technology and NIST Director Patrick D. Gallagher in a statement. “We look forward to the VCAT’s review to help ensure we have the most transparent and effective process for doing that.”
In November, NIST began an internal review of its development process and announced it would seek public input and an independent review due to concerns in the security community about the integrity of the institute’s activities. In February, NIST released a draft document called ‘NIST IR 7977: NIST Cryptographic Standards and Guidelines Development Process’ for a two-month public comment period.
The panel will review NIST’s current processes as described in NIST IR 7977 as well as the publiccommentsand NIST cryptographic standards and guidelines. The committee may also seek input from other experts.
Panel members will provide individual assessments to the VCAT Subcommittee on Cybersecurity, which will report its findings and any recommendations to the full VCAT. The subcommittee will provide an update on its progress on June 11, 2014, at the next VCAT meeting. Upon reviewing the expert assessments and the proposed recommendations of the subcommittee, the VCAT will issue its recommendations to NIST.
The reports from the panel members, subcommittee and VCAT will be available atwww.nist.gov/director/vcat/.
Brian Prince is a Contributing Writer for SecurityWeek.Previous Columns by Brian Prince:Review of NIST Crypto Standards and Development Process Kicks OffPhishers Target Execs With Sophisticated Wire Transfer Scam BlackBerry Fixes Vulnerabilities Related to Heartbleed, FlashDoge Vault Investigates Cyber Attack Microsoft, Adobe Patch Critical Security Vulnerabilities
Tags: NEWS INDUSTRY