Today, federal agencies use computer systems and networks to store information and to interact with industry, private citizens and other governments both in this country and around the world. In this increasingly open environment of interconnected systems and networks, security is essential to ensure that information remains confidential, is not modified or destroyed, and is available when needed. To help federal agencies protect sensitive, but unclassified information, the National Institute of Standards and Technology (NIST) has updated a set of guidelines for selecting and implementing cryptographic methods.
Originally published in 1999, Guideline for Implementing Cryptography in the Federal Government (NIST Special Publication 800-21) is intended primarily for federal employees who design computer systems and procure, install and operate security products to meet specific needs. NIST is asking for comments on the publication, which is available at http://csrc.nist.gov/publications/drafts/800-21-Rev1_September2005.pdf (.pdf; download Acrobat Reader) by Oct. 17, 2005. Send comments to ebarker [at] nist.gov, specifying "SP 800-21 Comments" in the subject field.
The draft publication is one of a series of key standards and guidelines produced by NIST's computer security experts to help federal agencies improve their information technology security and comply with the Federal Information Security Management Act (FISMA) of 2002.