AGENCY:

National Institute of Standards and Technology (NIST), Commerce.

ACTION:

Notice.

SUMMARY:

This notice announces the withdrawal of six Federal Information Processing Standards (FIPS): FIPS 181, FIPS 185, FIPS 188, FIPS 190, FIPS 191 and FIPS 196.

These FIPS are obsolete and are being withdrawn because they have not been updated to reference current or revised voluntary industry standards, federal specifications, or federal data standards. Federal agencies are responsible for using current voluntary industry standards and current federal specifications and data standards in their acquisition and management activities.

DATES:

The withdrawal of FIPS 181, FIPS 185, FIPS 188, FIPS 190, FIPS 191 and FIPS 196 is effective on October 19, 2015.

FOR FURTHER INFORMATION CONTACT:

Ms. Diane Honeycutt, telephone (301) 975-8443, National Institute of Standards and Technology, 100 Bureau Drive, MS 8930, Gaithersburg, MD 20899-8930 or via email at dhoneycutt@nist.gov

Authority:

Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology after approval by the Secretary of Commerce, pursuant to Section 5131 of the Information Technology Management Reform Act of 1996 (Pub. L. 104-106), and the Federal Information Security Management Act of 2002 (Pub. L. 107-347).

SUPPLEMENTARY INFORMATION:

The Information Technology Management Reform Act of 1996 (Division E of Pub. L. 104-106) and Executive Order 13011 emphasize agency management of information technology and Government-wide interagency support activities to improve productivity, security, interoperability, and coordination of Government resources. Under the National Technology Transfer and Advancement Act of 1995 (Pub. L. 104-113), Federal agencies and departments are directed to use technical standards that are developed or adopted by voluntary consensus standards bodies, using such technical standards as a means to carry out policy objectives or activities determined by the agencies and departments. Voluntary industry standards are the preferred source of standards to be used by the Federal government. The use of voluntary industry standards eliminates the cost to the government of developing its own standards, and furthers the policy of reliance upon the private sector to supply goods and services to the government.

A notice was published in the Federal Register (80 FR 2398) on January 16, 2015, announcing the proposed withdrawal of FIPS 181, FIPS 185, FIPS 188, FIPS 190, FIPS 191 and FIPS 196. The Federal Register notice solicited comments from the public, users, the information technology industry, and Federal, State, and local government organizations concerning the withdrawal of the FIPS.

Comments were received from one commenter: an industry organization. These comments are posted at http://csrc.nist.gov/​publications/​PubsFIPS.html.

Following is a summary of the comments received.

The single set of comments received was from an industry organization and pertained solely to the withdrawal of FIPS 185, Escrowed Encryption Standard. The comments supported the withdrawal of FIPS 185, Escrowed Encryption Standard. The commenter stated that the citation of Skipjack as the reference algorithm, vulnerabilities in Escrowed Encryption Standards, and potential for misuse of escrowed encryption keys were reasons for supporting the withdrawal of FIPS 185.

No comments were received concerning the other five standards that had been proposed for withdrawal.

The FIPS number and title for each of the six FIPS being withdrawn are:

FIPS 181, Automated Password Generator,

FIPS 185, Escrowed Encryption Standard,

FIPS 188, Standard Security Label for Information Transfer,

FIPS 190, Guideline for the Use of Advanced Authentication Technology Alternatives,

FIPS 191, Guideline for the Analysis of Local Area Network Security, and

FIPS 196, Entity Authentication using Public Key Cryptography.

Withdrawal means that these FIPS will no longer be part of a subscription service that is provided by the National Technical Information Service, and federal agencies will no longer be required to comply with these FIPS. NIST will continue to provide relevant information on standards and guidelines by means of electronic dissemination methods. Current versions of the data standards and specifications are available through the Web pages of the Federal agencies that develop and maintain the data codes. NIST will keep references to these withdrawn FIPS on its FIPS Web pages, and will link to current versions of these standards and specifications where appropriate.