2015-00657. Proposed Withdrawal of Six Federal Information Processing Standards  

  • Start Preamble

    AGENCY:

    National Institute of Standards and Technology (NIST), Commerce.

    ACTION:

    Notice; Request for comments.

    SUMMARY:

    The National Institute of Standards and Technology (NIST) proposes to withdraw six (6) Federal Information Processing Standards (FIPS) from the FIPS series. The standards proposed for withdrawal are: FIPS 181, FIPS 185, FIPS 188, FIPS 190, FIPS 191 and FIPS 196.

    These FIPS are obsolete because they have not been updated to reference current or revised voluntary industry standards. They also are not updated to reflect the changes and modifications that have been made by the organizations that develop and maintain the specifications and data representations. In addition, FIPS 188 adopts specifications and data standards that are developed and maintained by other Federal government agencies and by voluntary industry standards organizations.

    Prior to the submission of this proposed withdrawal of FIPS to the Secretary of Commerce for review and approval, NIST invites comments from the public, users, the information technology industry, and Federal, State and local governments and government organizations concerning the withdrawal of the FIPS.

    DATES:

    Comments on the proposed withdrawal of the FIPS must be received no later than 5 p.m. Eastern Time on March 2, 2015.

    ADDRESSES:

    Written comments concerning the withdrawal of the FIPS should be sent to Information Technology Laboratory, ATTN: Proposed Withdrawal of 6 FIPS, National Institute of Standards and Technology, 100 Bureau Drive, Mail Stop 8930, Gaithersburg, MD 20899-8930.

    Electronic comments should be sent to: fipswithdrawal@nist.gov.

    Information about the FIPS is available on the NIST Web pages http://csrc.nist.gov/​publications/​PubsFIPS.html.

    Comments received in response to this notice will be published electronically at http://csrc.nist.gov/​publications/​PubsFIPS.html without change or redaction, so commenters should not include information they do not wish to be posted (e.g., personal or confidential business information).

    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    Ms. Diane Honeycutt, telephone (301) 975-8443, National Institute of Standards and Technology, 100 Bureau Drive, MS 8930, Gaithersburg, MD 20899-8930 or via email at dhoneycutt@nist.gov.

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    The following Federal Information Processing Standards (FIPS) Publications are proposed for withdrawal from the FIPS series:

    FIPS 181, Automated Password Generator,

    FIPS 185, Escrowed Encryption Standard,

    FIPS 188, Standard Security Label for Information Transfer,

    FIPS 190, Guideline for the Use of Advanced Authentication Technology Alternatives,

    FIPS 191, Guideline for the Analysis of Local Area Network Security, and

    FIPS 196, Entity Authentication using Public Key Cryptography.

    These FIPS are being proposed for withdrawal because they are obsolete or have not been updated to adopt current voluntary industry standards, federal specifications, or federal data standards. Federal agencies are responsible for using current voluntary industry standards and current federal specifications and data standards in their acquisition and management activities.

    The Information Technology Management Reform Act of 1996 (Division E of Pub. L. 104-106) and Executive Order 13011 emphasize agency management of information technology and Government-wide interagency support activities to improve productivity, security, interoperability, and coordination of Government resources. Under the National Technology Transfer and Advancement Act of 1995 (Pub. L. 104-113) Federal agencies and departments are directed to use technical standards that are developed or adopted by voluntary consensus standards bodies, using such technical standards as a means to carry out policy objectives or activities determined by the agencies and departments. Voluntary industry standards are the preferred source of standards to be used by the Federal government. The use of voluntary industry standards eliminates the cost to the government of developing its own standards, and furthers the policy of reliance upon the private sector to supply goods and services to the government.

    FIPS 181, FIPS 190 and FIPS 196 are Federal standards on electronic authentication technologies. NIST proposes withdrawing these standards because they reference withdrawn cryptographic standards and newer guidance has been developed based on modern technologies.

    FIPS 191 is being withdrawn because new technologies, techniques and threats to computer networks have made the standard obsolete.

    FIPS 185 is being withdrawn because it references a cryptographic algorithm that is no longer approved for U.S. government use. FIPS 185, Escrowed Encryption Standard, specifies use of a symmetric-key encryption (and decryption) algorithm (SKIPJACK) and a Law Enforcement Access Field (LEAF) creation method which was intended to support lawfully authorized electronic surveillance. The SKIPJACK algorithm is no longer approved to protect sensitive government information, and NIST recommends the use of newer techniques for data security based on current algorithms.

    NIST proposes the withdrawal of FIPS 188 because it is a Federal data standard that is now maintained, updated and kept current by Federal government agencies other than NIST. Executive Order 13556 “Controlled Unclassified Information” assigns the responsibility for this data standard to the National Start Printed Page 2399Archives and Records Administration, and it is available through their Web pages.

    Should the Secretary of Commerce approve the withdrawal of these FIPS, NIST will keep references to the withdrawn FIPS on its FIPS Web pages and will link to current versions of these standards and specifications where appropriate.

    Withdrawal means that these FIPS would no longer be part of a subscription service that is provided by the National Technical Information Service and federal agencies will no longer be required to comply with these FIPS. NIST will continue to provide relevant information on standards and guidelines by means of electronic dissemination methods.

    Comments received in response to this notice will be published electronically at http://csrc.nist.gov/​publications/​PubsFIPS.html without change or redaction, so commenters should not include information they do not wish to be posted (e.g., personal or confidential business information).

    Start Authority

    Authority: Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology after approval by the Secretary of Commerce, pursuant to Section 5131 of the Information Technology Management Reform Act of 1996 (Pub. L. 104-106), and the Federal Information Security Management Act of 2002 (Pub. L. 107-347).

    End Authority Start Signature

    Dated: January 6, 2015.

    Richard Cavanagh,

    Acting Associate Director for Laboratory Programs.

    End Signature End Supplemental Information

    [FR Doc. 2015-00657 Filed 1-15-15; 8:45 am]

    BILLING CODE 3510-13-P

Document Information

Published:
01/16/2015
Department:
National Institute of Standards and Technology
Entry Type:
Notice
Action:
Notice; Request for comments.
Document Number:
2015-00657
Dates:
Comments on the proposed withdrawal of the FIPS must be received no later than 5 p.m. Eastern Time on March 2, 2015.
Pages:
2398-2399 (2 pages)
Docket Numbers:
Docket Number 141021884-4884-01
PDF File:
2015-00657.pdf