[Federal Register Volume 63, Number 190 (Thursday, October 1, 1998)]
[Notices]
[Page 52693]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-26318]
=======================================================================
-----------------------------------------------------------------------
ENVIRONMENTAL PROTECTION AGENCY
[FRL-6170-9]
Federal Information Processing Publications (FIPs) Waiver
ACTION: Notice of FIPS waiver.
-----------------------------------------------------------------------
SUMMARY: The Chief Information Officer for the Environmental Protection
Agency has granted a waiver to the Agency to use the cryptographical
features provided in Travel Manager Plus in lieu of the Secure Hashing
Standard (FIPS PUB 180-1), Digital Signature Standard (FIPS PUB 186),
and Data Encryption Standard (FIPS PUB 46-2). This waiver is pursuant
to section 111 (d) (3) of the Federal Property and Services Act of
1949, as amended.
DATES: The waiver takes effect upon authorization and will expire
January 1, 2001. If the vendor incorporates Federal standards into the
core product prior to January 1, 2001, EPA will end the waiver early at
that time.
FOR FURTHER INFORMATION CONTACT: Mark Day, Office of Information
Resources Management, 401 M Street S.W. (3401), Washington, D.C. 20460,
202-260-4465.
SUPPLEMENTARY INFORMATION: Federal Information Processing Standards
publications (FIPS PUBS) for the Secure Hashing Standard (FIPS PUB 180-
1), Digital Signature Standard (FIPS PUB 186), and the Data Encryption
Standard (FIPS PUB 46-2) establish standards for generating digital
signatures (which can be used to verify authenticity) and for the
encryption of sensitive information transmitted and stored
electronically. These FIPS publications also allow Federal agencies to
waive them under certain circumstances:
A waiver may be granted if compliance with a standard would
adversely affect the accomplishment of the mission of an operator of
a Federal computer system; or compliance with a standard would cause
a major financial impact on the operator which is not offset by
Government-wide savings.
The Chief Information Officer for the Environmental Protection
Agency (EPA) has granted a waiver of FIPS PUBS 180-1, 186, and 46-2 to
enable EPA to use the built-in cryptographical features of the product
Travel Manager. The installed version of Travel Manager Plus, currently
used by EPA, does not employ FIPS standard cryptography.
EPA determined that the cryptographic protection embedded in Travel
Manager Plus provides an appropriate level of security to protect the
unclassified information used, communicated, and stored by EPA. Upon
reviewing Travel Manager Plus' cryptographic capabilities, Agency
personnel have concluded that if properly implemented, Travel Manager
Plus provides a full range of security functionality that satisfies
Agency requirements.
The additional costs required to purchase and maintain FIPS-
compliant products that provide equivalent security functionality as
that provided by non-standard, but commercially acceptable cryptography
found in Travel Manager Plus is a significant factor underlying the
granting of this waiver. The acquisition costs for either software-or
hardware-based products that implement existing Federal cryptographic
standards are unnecessary. By using the cryptography embedded in Travel
Manager Plus, EPA is able to avoid unnecessary costs, while utilizing
security functionality widely used throughout the Federal government.
In accordance with FIPS requirements, notice of this waiver has
been sent to the National Institute of Standards and Technology, the
Committee on Government Reform and Oversight of the House of
Representatives, and the Committee on Governmental Affairs of the
Senate.
Dated: September 17, 1998.
John Sandy,
Acting Assistant Administrator and Chief Information Officer.
[FR Doc. 98-26318 Filed 9-30-98; 8:45 am]
BILLING CODE 6560-50-P
