The reputation of the U.S. National Institute of Standards and Technology (NIST) took a massive hit last year when it was suggested in revelations made by Edward Snowden that one of its standard procedures for generating random bit sequences had been subverted by the Nation Security Agency (NSA).
If the suggestions were correct, then the flaw in the Dual-EC DRBG mechanism would allow NSA (and potentially others) to surreptitiously intercept encrypted communications from products that implemented the procedure.
Fortunately, few products did, in fact, implement the flawed procedure, and NIST has now deleted it from its guidance, indicating that implementations should be considered non-compliant. NIST has acted as a trusted source of guidance on matters related to information security for many years, and it has recently acted to restore its reputation in this area by instituting an open review of its procedures for standardizing cryptographic algorithms and protocols.
It is to be hoped that NIST can quickly put this unfortunate incident behind it and again direct its expertise and resources to improving the security of information systems — both within the U.S. government, and in the broader community.