Guideline for Implementing Cryptography In the Federal Government [Second Edition]

Published

Author(s)

Elaine B. Barker, William C. Barker

Abstract

[Superseded by SP 800-175A (August 2016): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=921233; and SP 800-175B (August 2016): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=921185] This Second Edition of NIST Special Publication (SP) 800-21 updates and replaces the November 1999 edition of Guideline for Implementing Cryptography in the Federal Government. Many of the references and cryptographic techniques contained in the first edition of NIST SP 800-21 have been amended, rescinded, or superseded since its publication. The current draft offers new tools and techniques. NIST SP 800-21-1 is intended to provide a structured, yet flexible set of guidelines for selecting, specifying, employing, and evaluating cryptographic protection mechanisms in Federal information systems, and thus makes a significant contribution toward satisfying the security requirements of the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. The current draft also reflects the elimination of the waiver process by the Federal Information Security Management Act (FISMA) of 2002. SP 800-21-1 includes background information; describes the advantages of using cryptography; defines the role and use of standards and describes standards organizations that are outside the Federal government; describes the methods that are available for symmetric and asymmetric key cryptography; describes implementation issues (e.g., key management); discusses assessments, including the Cryptographic Module Validation Program (CMVP), the Common Criteria (CC), and Certification and Accreditation (C&A); and describes the process of choosing the types of cryptography to be used and selecting a cryptographic method or methods to fulfill a specific requirement. [Supersedes SP 800-21 (November 1999): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=100016]
Citation
Special Publication (NIST SP) - 800-21 2nd ed.
Report Number
800-21 2nd ed.

Keywords

cryptographic algorithm, cryptographic hash function, cryptographic key, cryptographic module, digital signature, key establishment, key management, message authentication code

Citation

Barker, E. and Barker, W. (2005), Guideline for Implementing Cryptography In the Federal Government [Second Edition], Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-21e2 (Accessed February 25, 2024)
Created December 1, 2005, Updated January 27, 2020