[Federal Register Volume 63, Number 205 (Friday, October 23, 1998)]
[Notices]
[Page 56910]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-28513]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology
[Docket No. 980911236-8236-01]


Proposed Reaffirmation of Federal Information Processing Standard 
(FIPS) 140-1, Security Requirements for Cryptographic Modules

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION: Notice: request for comments .

-----------------------------------------------------------------------

SUMMARY: The purpose of this notice is to announce NIST's five-year 
review of FIPS 140-1, Security Requirements for Cryptographic Modules, 
for Federal agency use. FIPS 140-1 was first issued in 1994. The 
standard identifies requirements for four security levels for 
cryptographic modules to provide for a wide spectrum of data and a 
diversity of application environments. The standard provided that it be 
reviewed within five (5) years to consider its usefulness and new or 
revised requirements that may be needed to meet technological and 
economic changes.

DATES: Comments on this review of FIPS 140-1 must be received on or 
before January 21, 1999.

ADDRESSES: Written comments concerning this standard should be sent to: 
Information Technology Laboratory, ATTN: Review of FIPS 140-1, Bldg. 
820, Room 562, National Institute of Standards and Technology, 
Gaithersburg, MD 20899. Comments may also be sent via e-mail to ``140-
[email protected].'' All comments, written and electronic, will be 
published on NIST web site ``http:csrc.nist.gov /encryption/.''

FOR FURTHER INFORMATION CONTACT: Mr. Miles Smid (301) 975-2938, 
National Institute of Standards and Technology, Gaithersburg, MD 20899.

SUPPLEMENTARY INFORMATION: FIPS 140-1, Security Requirements for 
Cryptographic Modules, first issued in 1994, identifies requirements 
for four security levels for cryptographic modules to provide for a 
wide spectrum of data sensitivity (e.g., low value administrative data, 
million dollar funds transfers, and life protecting data), and a 
diversity of application environments. The standard provided that it be 
reviewed within five (5) years to consider its usefulness and new or 
revised requirements that may be needed to meet technological and 
economic changes.
    Interested parties may order a copy of FIPS 140-1 from the National 
Technical Information Service (NTIS), 5285 Port Royal Road, 
Springfield, VA 22161. Telephone (703) 487-1650. Copies of FIPS 140-1 
may also be downloaded from http://csrc.nist.gov /fips.
    Comments from industry, government agencies, and the public are 
invited on the following alternatives for FIPS 140-1.

--Reaffirm the standard for another five (5) years. NIST would continue 
to support the validation of cryptographic modules that implement the 
standard. FIPS 140-1 would continue to be an approved method for 
protecting unclassified information.
--Revise the applicability and/or implementation statements of the 
standard. Please include specific recommendations. If a revision is 
necessary, NIST will continue to support the FIPS 140-1 validation 
program until the revision is approved.

    Comments on other proposed recommendations would also be welcomed.

    Authority: Federal Information Processing Standards Publications 
(FIPS PUBS) are issued by the National Institute of Standards and 
technology after approval by the Secretary of Commerce pursuant to 
Section 5131 of the Information Technology Management Reform Act of 
1996 and the computer Security of 1987, Public Law 104-106.

    Dated: October 19, 1998.
Robert E. Hebner,
Acting Deputy Director.
[FR Doc. 98-28513 Filed 10-22-98; 8:45 am]
BILLING CODE 3510-CN-M