Re: If you value your security get a hardware random number generator -- or two
Actually NIST doesn't. Not for crypto. That's a common fallacy. It's in the front matter, quoting from NIST 800-90b:-
"This publication has been developed by NIST in accordance with its statutory responsibilities under the [Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq.](https://www.congress.gov/113/plaws/publ283/PLAW-113publ283.pdf), Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems. "
Which says:-
"§ 3553. Authority and functions of the Director and the Secretary:-
‘‘(d) NATIONAL SECURITY SYSTEMS.—Except for the authorities and functions described in subsection (a)(5) and subsection (c), the authorities and functions of the Director and the Secretary under this section shall not apply to national security systems.
‘‘(e) DEPARTMENT OF DEFENSE AND INTELLIGENCE COMMUNITY SYSTEMS.—(1) The authorities of the Director described in para-graphs (1) and (2) of subsection (a) shall be delegated to the Sec-retary of Defense in the case of systems described in paragraph (2) and to the Director of National Intelligence in the case of systems described in paragraph (3). "
So, good enough for the people, but not (US) national security?