[Federal Register Volume 63, Number 205 (Friday, October 23, 1998)]
[Notices]
[Page 56910]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-28513]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No. 980911236-8236-01]
Proposed Reaffirmation of Federal Information Processing Standard
(FIPS) 140-1, Security Requirements for Cryptographic Modules
AGENCY: National Institute of Standards and Technology (NIST),
Commerce.
ACTION: Notice: request for comments .
-----------------------------------------------------------------------
SUMMARY: The purpose of this notice is to announce NIST's five-year
review of FIPS 140-1, Security Requirements for Cryptographic Modules,
for Federal agency use. FIPS 140-1 was first issued in 1994. The
standard identifies requirements for four security levels for
cryptographic modules to provide for a wide spectrum of data and a
diversity of application environments. The standard provided that it be
reviewed within five (5) years to consider its usefulness and new or
revised requirements that may be needed to meet technological and
economic changes.
DATES: Comments on this review of FIPS 140-1 must be received on or
before January 21, 1999.
ADDRESSES: Written comments concerning this standard should be sent to:
Information Technology Laboratory, ATTN: Review of FIPS 140-1, Bldg.
820, Room 562, National Institute of Standards and Technology,
Gaithersburg, MD 20899. Comments may also be sent via e-mail to ``1review@nist.gov.'' All comments, written and electronic, will be
published on NIST web site ``http:csrc.nist.gov /encryption/.''
FOR FURTHER INFORMATION CONTACT: Mr. Miles Smid (301) 975-2938,
National Institute of Standards and Technology, Gaithersburg, MD 20899.
SUPPLEMENTARY INFORMATION: FIPS 140-1, Security Requirements for
Cryptographic Modules, first issued in 1994, identifies requirements
for four security levels for cryptographic modules to provide for a
wide spectrum of data sensitivity (e.g., low value administrative data,
million dollar funds transfers, and life protecting data), and a
diversity of application environments. The standard provided that it be
reviewed within five (5) years to consider its usefulness and new or
revised requirements that may be needed to meet technological and
economic changes.
Interested parties may order a copy of FIPS 140-1 from the National
Technical Information Service (NTIS), 5285 Port Royal Road,
Springfield, VA 22161. Telephone (703) 487-1650. Copies of FIPS 140-1
may also be downloaded from http://csrc.nist.gov /fips.
Comments from industry, government agencies, and the public are
invited on the following alternatives for FIPS 140-1.
--Reaffirm the standard for another five (5) years. NIST would continue
to support the validation of cryptographic modules that implement the
standard. FIPS 140-1 would continue to be an approved method for
protecting unclassified information.
--Revise the applicability and/or implementation statements of the
standard. Please include specific recommendations. If a revision is
necessary, NIST will continue to support the FIPS 140-1 validation
program until the revision is approved.
Comments on other proposed recommendations would also be welcomed.
Authority: Federal Information Processing Standards Publications
(FIPS PUBS) are issued by the National Institute of Standards and
technology after approval by the Secretary of Commerce pursuant to
Section 5131 of the Information Technology Management Reform Act of
1996 and the computer Security of 1987, Public Law 104-106.
Dated: October 19, 1998.
Robert E. Hebner,
Acting Deputy Director.
[FR Doc. 98-28513 Filed 10-22-98; 8:45 am]
BILLING CODE 3510-CN-M
