NIST IR 8241
Organizational Views of NIST Cryptographic Standards and Testing and Validation Programs
Julie Haney
Mary Theofanos
Yasemin Acar
Sandra Spickard Prettyman
This publication is available free of charge from:
https://doi.org/10.6028/NIST.IR.8241
Julie Haney, Information Technology Laboratory
Mary Theofanos, Material Measurement Laboratory
Yasemin Acar, Leibniz University Hannover
Sandra Spickard Prettyman, Culture Catalyst, LLC
December 2018
U.S. Department of Commerce
Wilbur L. Ross, Jr., Secretary
National Institute of Standards and Technology
Walter Copan, NIST Director and Undersecretary of Commerce for Standards and Technology
Abstract
Cryptography is an essential component of modern computing. Unfortunately, implementing cryptography correctly is a non-trivial undertaking. Past research studies have supported this observation by revealing a multitude of errors and pitfalls in the cryptographic implementations of software products. However, the emphasis of these studies was on the practices of less-experienced, individual developers. Therefore, there is little understanding of the cryptographic development practices of organizations, including the benefits and challenges of using cryptographic resources such as standards specifications and libraries. To address this gap, a research team led by the National Institute of Standards and Technology (NIST) Information Technology Laboratory Visualization and Usability Group conducted a qualitative investigation into the processes and resources that organizations employ in the development and testing of cryptographic products. The study involved 21 in-depth interviews of 29 participants representing organizations that develop either a security product that uses cryptography or a non-security product that heavily relies on cryptography. This report categorizes and enumerates a subset of findings that document participant comments specific to NIST cryptographic publications and testing/validation programs, with a goal of informing future decisions of NIST and other standards bodies working in this space.
Key words
cryptography; development; standards; testing; validation
Table of Contents
Introduction
Background: NIST Cryptographic Standards and Testing/Validation Programs
Study Methodology
3.1. Recruitment
3.2. Data Collection
3.3. Data Analysis
Participant and Organization Demographics
NIST-Specific Findings
5.1. Standards
5.1.1. Benefits