New NIST Encryption Guidelines May Force Federal Agencies to Replace Old Websites
Next month the National Institute of Standards and Technology (NIST) plans to put out for public review its draft for a new government encryption standard that, when finalized, is going to compel federal agencies with older websites to replace them.
NIST's current standard calls for federal agencies to support Transport Layer Security 1.0 encryption, but the updated version is going to require TLS 1.1 and 1.2, says Tim Polk, computer scientist and group manager for NIST's cryptology technology group. Since websites and browsers support secure communications through TLS, government agencies that haven't already moved to TLS 1.1 and 1.2 need to be aware that they are going to have to in the future, Polk advises.
The new federal government standard, when finalized -- this typically occurs within six months of the release of a draft for public review -- will make it clear there's a time frame that websites and browsers should be up to date. On new requirements.