RSA Laboratories

6.2.1 What is NIST?

NIST is an acronym for the National Institute of Standards and Technology, a division of the U.S. Department of Commerce. NIST was formerly known as the National Bureau of Standards (NBS). Through its Computer Systems Laboratory it aims to promote open systems and interoperability that will spur the development of computer-based economic activity. NIST issues standards and guidelines intended to be adopted in all computer systems in the U.S., and also sponsors workshops and seminars. Official standards are published as FIPS (Federal Information Processing Standards) publications.

In 1987 Congress passed the Computer Security Act, which authorized NIST to develop standards for ensuring the security of sensitive but unclassified information in government computer systems. It encouraged NIST to work with other government agencies and private industry in evaluating proposed computer security standards.

NIST issues standards for cryptographic algorithms that U.S. government agencies are required to use. A large percentage of the private sector often adopts them as well. In January 1977, NIST declared DES (see Section 3.2) the official U.S. encryption standard and published it as FIPS 46; DES soon became a de facto standard throughout the United States. NIST is currently taking nominations for the Advanced Encryption Standard (AES), which is to replace DES (see Section 3.3). There is no definite deadline for the completion of the AES (see Question 3.3.3).

Several years ago, NIST was asked to choose a set of cryptographic standards for the U.S., this has become known as the Capstone project (see Question 6.2.3). After a few years of rather secretive deliberations, NIST, in cooperation with the NSA (see Question 6.2.2), issued proposals for various standards in cryptography. The combination of these proposals, including digital signatures (DSS, see Question 3.4.1) and data encryption (the Clipper chip, see Question 6.2.4), formed the Capstone project.

NIST has been criticized for allowing the NSA too much power in setting cryptographic standards, since the interests of the NSA sometimes conflict with that of the Commerce Department and NIST. Yet, the NSA has much more experience with cryptography, and many more qualified cryptographers and cryptanalysts than does NIST so it is perhaps unrealistic to expect NIST to forego such readily available assistance.

For more information on NIST, visit their web site at

Top of the page