Origins of the NIST cybersecurity framework, encryption standards

Origins of the NIST cybersecurity framework, encryption standards

Date: Jan 17, 2014

There's little doubt that 2013 was a trying year for the National Institute of Standards and Technology (NIST), the non-regulatory federal agency tasked with maintaining a variety of technological standards, including those affecting information security.

First, President Barack H. Obama tasked NIST with creating a cybersecurity framework for the United States, then leaks from former National Security Agency contractor Edward Snowden revealed that NIST's encryption standards may have been compromised by the NSA. On top of all that, a government shutdown closed down NIST operations for several weeks. Public scrutiny of NIST has never been more intense, but according to Karen Scarfone, principal consultant at Scarfone Cybersecurity and a contributor to numerous NIST standards, the agency has "bent over backwards" to accommodate public input on its security publications.

In this video interview, recorded at Information Security Decisions 2013, Scarfone explains how NIST formulates its standards via a public, thorough vetting process. Scarfone herself attended a conference on the NIST cybersecurity framework in San Diego and was impressed by the extent to which the public shaped the process. Though not involved directly with NIST's encryption standards, she said those processes were subject to open scrutiny as well. Scarfone also details just how the NIST cybersecurity framework may affect the security measures in place at enterprises around the U.S.

More on Government IT Security Management

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: