ChaCha20 is a stream cipher, and there currently isn't any NIST-approved stream cipher at all. The only options are the block ciphers AES, Triple DES and Skipjack (the latter is only approved for decryption). Of course those block ciphers can be (and almost always are) used in a NIST-approved mode of operation like GCM which make them behave like stream ciphers, but the underlying ciphers are still block ciphers.

The topic of standardizing a stream cipher especially for resource-constrainted environments has been discussed within the NIST since at least 2011. In the Lightweight Crypto Standardization Process, there was at least one stream cipher (Grain-128AEAD) which made it to the final round, but ultimately, it lost to a block cipher.

So the NIST doesn't reject stream ciphers, nor have they (as far as I'm aware) ever recommended against ChaCha20 in particular. It's just that the algorithm hasn't gone through any NIST standardization process. I'm not even sure if Bernstein ever tried, so the chances of a FIPS approval anytime soon seem slim – regardless of whether or not ChaCha20 is a good cipher.

ChaCha20 is a stream cipher, and there currently isn't any NIST-approved stream cipher at all. The only option is the block cipher AES (Triple DES and Skipjack are only approved for legacy decryption). Of course AES can be (and almost always is) used in a mode of operation like GCM which makes it behave like a stream cipher, but it's still a block cipher.

The topic of standardizing a stream cipher especially for resource-constrainted environments has been discussed within the NIST since at least 2011. In the Lightweight Crypto Standardization Process, there was at least one stream cipher (Grain-128AEAD) which made it to the final round, but ultimately, it lost to a block cipher.

So the NIST doesn't reject stream ciphers, nor have they (as far as I'm aware) ever recommended against ChaCha20 in particular. It's just that the algorithm hasn't gone through any NIST standardization process. I'm not even sure if Bernstein ever tried, so the chances of a FIPS approval anytime soon seem slim – regardless of whether or not ChaCha20 is a good cipher.

ChaCha20 is a stream cipher, and there currently isn't any NIST-approved stream cipher at all. The only options are the block ciphers AES, Triple DES and Skipjack (the latter is only approved for decryption).

The topic of standardizing a stream cipher especially for resource-constrainted environments has been discussed within the NIST since at least 2011. In the Lightweight Crypto Standardization Process, there was at least one stream cipher (Grain-128AEAD) which made it to the final round, but ultimately, it lost to a block cipher.

So the NIST doesn't reject stream ciphers, nor have they (as far as I'm aware) ever recommended against ChaCha20 in particular. It's just that the algorithm hasn't gone through any NIST standardization process. I'm not even sure if Bernstein ever tried, so the chances of a FIPS approval anytime soon seem slim – regardless of whether or not ChaCha20 is a good cipher.

ChaCha20 is a stream cipher, and there currently isn't any NIST-approved stream cipher at all. The only options are the block ciphers AES, Triple DES and Skipjack (the latter is only approved for decryption). Of course those block ciphers can be (and almost always are) used in a NIST-approved mode of operation like GCM which make them behave like stream ciphers, but the underlying ciphers are still block ciphers.

The topic of standardizing a stream cipher especially for resource-constrainted environments has been discussed within the NIST since at least 2011. In the Lightweight Crypto Standardization Process, there was at least one stream cipher (Grain-128AEAD) which made it to the final round, but ultimately, it lost to a block cipher.

So the NIST doesn't reject stream ciphers, nor have they (as far as I'm aware) ever recommended against ChaCha20 in particular. It's just that the algorithm hasn't gone through any NIST standardization process. I'm not even sure if Bernstein ever tried, so the chances of a FIPS approval anytime soon seem slim – regardless of whether or not ChaCha20 is a good cipher.