8.4 Where can I learn more about cryptography standards?
Several organizations are involved in defining standards related to aspects of cryptography and its applications.
The American National Standards Institute (ANSI) has a broadly based standards program, and some of the groups within its Financial Services area (Committee X9; see Question 5.3.1) establish standards related to cryptographic algorithms. Examples include X9.17 (key management: wholesale), X9.19 (message authentication: retail), and X9.30 (public-key cryptography). Information can be found at http://www.x9.org.
The Institute of Electrical and Electronics Engineers (IEEE) has a broadly based standards program, including P1363 (see Question 5.3.5). Information can be found at http://www.ieee.org.
The Internet Engineering Task Force (IETF) is the defining body for Internet protocol standards. Its security area working groups specify means for incorporating security into the Internet's layered protocols. Examples include IP layer security (IPSec; see Question 5.1.4), transport layer security (TLS; see Question 5.1.2), Domain Name System security (DNSsec) and Generic Security Service API (GSS-API; see Question 5.2.2). Information can be found at http://www.ietf.org.
ISO and ITU
The International Standards Organization's International Electrotechnical Commission (ISO/IEC) and the International Telecommunications Union's Telecommunication Standardization Sector (ITU-T; see Question 5.3.2) have broadly based standards programs (many of which are collaborative between the organizations), which include cryptographically related activities (see Question 5.3.4). Example results are ITU-T Recommendation X.509, which defines facilities for public-key certification, and the ISO/IEC 9798 document series, which defines means for entity authentication. ITU information can be found at http://www.itu.ch and ISO information at http://www.iso.ch.
The U.S. National Institute of Standards and Technology (NIST)'s Information Technology Laboratory produces a series of information processing specifications (Federal Information Processing Standards (FIPS)), several of which are related to cryptographic algorithms and usage. Examples include FIPS PUB 46-3 (Data Encryption Standard (DES)) and FIPS PUB 186 (Digital Signature Standard (DSS)). Information is available at http://www.nist.gov.
The Open Group produces a range of standards, some of which are related to cryptographic interfaces (APIs; see Question 5.2.1) and infrastructure components. Examples include Common Data Security Architecture (CDSA) and Generic Crypto Service API (GCS-API). Information can be found at http://www.opengroup.org.
RSA Laboratories is responsible for the development of the Public-Key Cryptography Standards (PKCS; see Question 5.3.3) series of specifications, which define common cryptographic data elements and structures. Information can be found at http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/public-key-cryptography-standards.htm.