Actually, the malarkey with Dual_EC_PRNG was forced through NIST process by the NSA. NIST was given the reigns of standardization of crypto after the DES stuff was found to be intentionally weak, and the AES process was well-executed.
Beyond that, NIST does not recommend use of Dual_EC_PRNG...