[Federal Register Volume 64, Number 221 (Wednesday, November 17, 1999)]
[Notices]
[Pages 62654-62655]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-30051]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No. 980911236-9246-02]
RIN 0693-ZA 22
Announcing Draft Federal Information Processing Standard (FIPS)
140-2, Security Requirements for Cryptographic Modules, and Request for
Comments
AGENCY: National Institute of Standards and Technology (NIST),
Commerce.
ACTION: Notice; request for comments.
-----------------------------------------------------------------------
SUMMARY: This notice announces Draft Federal Information Processing
Standard 140-2, Security Requirements for Cryptographic Modules, for
public review and comment. The draft
[[Page 62655]]
standard, designated ``Draft FIPS 140-2,'' is proposed to supersede
FIPS 140-1.
FIPS 140-1, first published in 1994, specified that it be reviewed
within five years. In 1998, NIST solicited public comments on
reaffirming the standard. The comments received by NIST supported
maintaining the standard. The comments also supported updating the
standard due to advances in technology. The proposed revision (Draft
FIPS 140-2) is now available for public review and comment.
Prior to the submission of this proposed standard to the Secretary
of Commerce for review and approval, it is essential that consideration
is given to the needs and views of the public, users, the information
technology industry, and Federal, State and local government
organizations. The purpose of this notice is to solicit such views.
DATES: Comments must be received on or before February 15, 2000.
ADDRESSES: Written comments may be sent to: Chief, Computer Security
Division, Information Technology Laboratory, Attention: Comments on
Draft FIPS 140-2, 100 Bureau Drive--Stop 8930, National Institute of
Standards and Technology, Gaithersburg, MD 20899-8930.
Electronic comments may also be sent to: ``P2@nist.gov.''
Copies of the current FIPS 140-1 and its proposed replacement,
Draft FIPS 140-2, are available from the Computer Security Division,
Information Technology Laboratory, 100 Bureau Drive--Stop 8930,
National Institute of Standards and Technology, Gaithersburg, MD 20899-
8930. They are also available electronically at: http://csrc.nist,gov/
fips/. Comments received in response to this notice will be published
electronically at http://csrc.nist.gov/cryptval/.
FOR FURTHER INFORMATION CONTACT: Mr. Ray Snouffer, Computer Security
Division, 100 Bureau Drive, Stop 8930, National Institute of Standards
and Technology, Gaithersburg, MD 20899-8930, telephone (301) 975-4436.
SUPPLEMENTARY INFORMATION: FIPS 140-1, Security Requirements for
Cryptographic Modules, first issued in 1994, identifies requirements
for four security levels for cryptographic modules to provide for a
wide spectrum of data sensitivity (e.g., low value administrative data,
million dollar funds transfers, and life protecting data), and a
diversity of application environments. Over 60 modules have been tested
by accredited private-sector laboratories and validated to-date as
conforming to this standard. The standard provided that it be reviewed
within five years to consider its continued usefulness and whether new
or revised requirements should be added.
A notice was published in the Federal Register (Volume 63, Number
205) on October 23, 1998, soliciting public comments on reaffirming the
standard. The comments (available at http://csrc.nist.gov/cryptval/)
supported reaffirmation of the standard, but suggested technical
modifications to address advances in technology since the standard was
originally issued. Using these comments, NIST prepared by Draft FIPS
140-2.
Authority: NIST's activities to develop computer security
standards to protect Federal sensitive (unclassified) systems are
undertaken pursuant to specific responsibilities assigned to NIST in
section 5131 of the Information Technology Management Reform Act of
1996 (Pub. L. 104-106), the Computer Security of 1987 (Pub. L. 100-
235), and Appendix III to Office of Management and Budget Circular
A-130.
Dated: November 11, 1999.
Karen H. Brown,
Deputy Director, National Institute of Standards and Technology.
[FR Doc. 99-30051 Filed 11-16-99; 8:45 am]
BILLING CODE 3510-CN-M
