A government agency tasked with releasing cryptographic guidance for the security industry has launched a formal review of its standards development process.
The National Institute of Standards and Technology (NIST) announced Friday on its website that the decision came in response to the recently publicized Snowden leaks. In September, The New York Times, The Guardian and ProPublica teamed up to reveal details about the National Security Agency's efforts to undermine widely used encryption methods meant to secure internet data from prying eyes.
“To ensure that our guidance has been developed according to the highest standard of inclusiveness, transparency and security, NIST has initiated a formal review of our standards development efforts,” the announcement from NIST said. “We are compiling our goals and objectives, principles of operation, processes for identifying cryptographic algorithms for standardization, methods for reviewing and resolving public comments, and other important procedures necessary for a rigorous process.”
Upon the completion of the review, NIST plans to invite public comment on the process, it said. In addition, an independent organization will review the standards development process.
“Furthermore, we will be reviewing our existing body of cryptographic work, looking at both our documented process and the specific procedures used to develop each of these standards and guidelines,” NIST revealed. “If any current guidance does not meet the high standards set out in this process, we will address these issues as quickly as possible.”
The publicized leaks in September revealed that the NSA pressured major tech companies into giving its agency backdoor access to encryption software, and, worse yet, that the agency stole company encryption keys by hacking organizations' servers in some cases.
Amidst the public outcry on NSA's abuse of its resources to access citizen data, news surfaced last month that the agency's director, Gen. Keith Alexander, plans to retire in the spring.