NISTIR 7977 NIST CRYPTOGRAPHIC STANDARDS AND
GUIDELINES DEVELOPMENT PROCESS
12
Federal policy contained in OMB Circular A-119
directs all agencies to use voluntary consensus
standards in lieu of government-unique standards “except where inconsistent with law or
otherwise impractical.” NIST is committed to making maximum use of standards produced by
SDOs as the first option in addressing a need for cryptographic standards. The section of this
document, “Policies and Processes for the Life Cycle Management of Cryptographic Standards
and Guidelines,” provides detail about how NIST implements this strategy.
When NIST decides to develop a standard, NIST will give strong consideration to submitting
that standard to an SDO for broader acceptance, use, alignment, and impact. In the past, SDOs
have adopted important NIST cryptographic standards as foundational building blocks for
security protocols. For example, the Advanced Encryption Standard (AES) block cipher is
included in ISO/IEC 18033-3:2010, is the preferred block cipher for IEEE 802.11 to secure
wireless networks, and is mandatory to implement in version 1.2 of the Internet Engineering
Task Force’s (IETF) Transport Layer Security (TLS) protocol.
When selecting priorities for working with SDOs or using standards produced by those
organizations, a major consideration for NIST is the degree of active participation in the SDO
from cryptographic researchers, industry, and others in the user community.
NIST staff participates in SDOs either through a NIST membership in an organization (e.g.,
Accredited Standards Committee X9, Inc.
working groups, INCITS
technical committees) or as
individuals (e.g., IEEE Standards Association
working groups and IETF working groups). NIST
experts also participate in some international SDOs through U.S. National Body or Member
State representation. ANSI
is the sole U.S. representative for two major non-treaty international
standards organizations, the International Organization for Standardization (ISO) and – via the
U.S. National Committee (USNC) – the International Electrotechnical Commission (IEC). For
treaty-based international standards bodies, such as the International Telecommunication Union
(ITU), the Department of State represents the United States.
Working with SDOs provides an important avenue for outreach to and feedback from multiple
stakeholders. In many cases, NIST staff members are contributors, editors, or working-group
Office of Management and Budget, Federal Participation in the Development and Use of Voluntary Consensus
Standards and in Conformity Assessment Activities, OMB Circular A-119 Revised, February 10, 1998.
http://www.whitehouse.gov/omb/circulars_a119#1
Accredited Standards Committee X9, Inc., Financial Industry Standards
InterNational Committee for Information Technology Standards (INCITS)
Institute of Electrical and Electronics Engineers (IEEE)
American National Standards Institute (ANSI)