AGENCY:

National Institute of Standards and Technology (NIST), Commerce.

ACTION:

Notice.

SUMMARY:

The purpose of this notice is to announce that the Secretary of Commerce has approved the withdrawal of seventeen (17) Federal Information Processing Standards (FIPS) Publications.

These FIPS are being withdrawn because they are obsolete, or have not been updated to adopt current voluntary industry standards, current federal data standards, or current good practices for information security. This situation preserves obsolete standards for agency use.

Some of these FIPS adopt voluntary industry standards. Federal agencies and departments are directed by the National Technology Transfer and Advancement Act of 1995 (Public Law 104-113) to use technical standards that are developed in voluntary consensus standards bodies. Consequently, FIPS Start Printed Page 6624that duplicate voluntary industry standards are no longer needed.

Some of these FIPS adopt data standards that are developed and used by other Federal government agencies. These FIPS have not been updated to reflect changes and modifications that have been made to the data representations. The remaining FIPS provide advisory guidance to Federal agencies on information security issues. This advisory guidance, which is not compulsory and binding, has been updated by NIST and issued in more recent recommendations and publications.

EFFECTIVE DATE:

This withdrawal is effective February 8, 2005.

FOR FURTHER INFORMATION CONTACT:

Ms. Shirley M. Radack, telephone (301) 975-2833, National Institute of Standards and Technology, Gaithersburg, MD 20899.

SUPPLEMENTARY INFORMATION:

A notice was published in the Federal Register (Volume 68, Number 42, pages 10204-10205), proposing the withdrawal of seventeen Federal Information Processing Standards (FIPS) Publications. The Federal Register notice solicited comments from the public, academic and research communities, manufacturers, voluntary standards organizations, and Federal, state, and local government organizations. In addition to being published in the Federal Register, the notice was posted on the NIST Web pages; information was provided about the submission of electronic comments.

Comments and questions were received from two private sector organizations or individuals, and from two federal government organizations. The comments dealt with the data representations in FIPS 55-3, Codes for Named Populated Places, Primary County Divisions, and Other Locational Entities of the United States, Puerto Rico, and the Outlying Areas, and in FIPS 95-2, Codes for the Identification of Federal and Federally Assisted Organizations. These data representations will continue to be maintained by the responsible agencies when the FIPS are withdrawn, and NIST will continue to maintain links from its Web pages to the appropriate agency Web pages that provide the data representations.

NIST recommended that the Secretary approve the withdrawal of the seventeen FIPS Publications, and prepared a detailed justification document for the Secretary's review in support of that recommendation.

Following is an analysis of the comments received.

Comment: FIPS 95-2, Codes for the Identification of Federal and Federally Assisted Organizations is an extremely important document that is vital for government wide and industry wide information sharing and data organization. It is true that the document has not been updated recently, but the coding standards are still the best structure available for organizing and presenting government information by entity. There is no commercial equivalent for this data standard.

It is vital not only for industry, but also to facilitate information sharing and collaboration among government organizations that is essential to support homeland security. FIPS 95-2 should be updated and kept current, or an equivalent system be implemented, especially in this time of government restructuring and reorganization.

Response: The data representations for Federal organizations that are available on NIST's web pages have not been updated since 1999. This database of data representations for Federal organizations is maintained by the Bureau of the Census, and will continue to be available to government and private sector organizations that need to use it. NIST will maintain a link from the entry to the withdrawn FIPS 95-2 to the Bureau of the Census Web pages.

Comment: Could you provide a reference to voluntary industry standards that have replaced FIPS 55-3, Codes for Named Populated Places, Primary County Divisions, and Other Locational Entities of the United States, Puerto Rico, and the Outlying Areas, and FIPS 95-2, Codes for the Identification of Federal and Federally Assisted Organizations.

Response: FIPS 55 and FIPS 95 currently provide data representations that are issued and maintained by Federal government agencies, but not by NIST.

FIPS 55 implements the provisions of ANSI X3.47-1993, and contains codes for named populated places, primary county divisions, and other locational entities of the U.S. and areas under the jurisdiction of the U.S. It also includes representations for federal government information such as postal codes, General Services Administration codes, and Bureau of the Census data. The maintenance of FIPS 55 is the responsibility of the U.S. Geological Survey (USGS).

FIPS 95 provides data representations for Federal and Federally assisted organizations, and is maintained by the Bureau of the Census with input from the General Services Administration and the Department of Defense.

Both sets of data representations will continue to be issued and maintained by the responsible agencies when the FIPS are withdrawn. NIST plans to have links from its Web pages to the appropriate agency Web pages that provide the data representations. In addition, NIST is investigating the possibility of a voluntary industry standards committee accepting the standard data representations and assigning registration authority for the data representations to the agencies that are currently issuing and maintaining them.

This notice provides the FIPS publication number, title, and the technical specifications number for each of the seventeen FIPS Publications being withdrawn:

FIPS 8-6, Metropolitan Areas (Including MSAs, CMSAs, PMSAs, and NECMAs).

FIPS 9-1, Congressional Districts of the U.S.

FIPS 31, Guidelines for Automatic Data Processing Physical Security and Risk Management.

FIPS 48, Guidelines on Evaluation of Techniques for Automated Personal Identification.

FIPS 55-3, Codes for Named Populated Places, Primary County Divisions, and Other Locational Entities of the United States, Puerto Rico, and the Outlying Areas.

FIPS 66, Standard Industrial Classification (SIC) Codes.

FIPS 73, Guidelines for Security of Computer Applications.

FIPS 83, Guideline on User Authentication Techniques for Computer Network Access Control.

FIPS 87, Guidelines for ADP Contingency Planning.

FIPS 92, Guideline for Standard Occupational Classification (SOC) Codes.

FIPS 95-2, Codes for the Identification of Federal and Federally Assisted Organizations.

FIPS 102, Guideline for Computer Security Certification and Accreditation.

FIPS 112, Password Usage.

FIPS 127-2, Database Language SQL (ANSI X3.135-1992).

FIPS 159, Detail Specification for 62.5-um Core Diameter/125-um Cladding Diameter Class 1A Multimode, Graded-index Optical Waveguide Fibers.

FIPS 171, Key Management Using ANSI X9.17.

FIPS 173-1, Spatial Data Transfer Standard.

Withdrawal means that the FIPS will no longer be part of a subscription series that is provided by the National Start Printed Page 6625Technical Information Service, and that NIST will no longer be able to support the standards by answering implementation questions or updating the FIPS when the voluntary industry standards are revised. NIST will continue to provide relevant information on standards and guidelines by means of electronic dissemination methods, and will keep references to the withdrawn FIPS on its FIPS Web pages.

Authority: Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology after approval by the Secretary of Commerce pursuant to Section 5131 of the Information Technology Management Reform Act of 1996 (Pub. L. 104-106), the Federal Information Security Management Act of 2002 (Pub. L. 107-347), and Appendix III to Office of Management and Budget Circular A-130.

Executive Order 12866: This notice has been determined to be not significant under Executive Order 12866.