[Federal Register Volume 64, Number 132 (Monday, July 12, 1999)]
[Notices]
[Page 37511]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-17661]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology
[Docket No: 981029270-9156-02]
RIN 0693-ZA26


National Voluntary Laboratory Accreditation Program

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: Under the National Voluntary Laboratory Accreditation Program 
(NVLAP), the National Institute of Standards and Technology (NIST) 
announces the establishment of an accreditation program for 
laboratories that perform Information Technology (IT) Security Testing 
in accordance with the National Information Assurance Partnership 
(NIAP) Common Criteria Evaluation and Validation Scheme based on: (1) 
ISO/IEC FDIS 15408, and (2) Common Evaluation Methodology for 
Information Technology Security (CEM), an International draft.

DATES: The evaluation of an initial group of applicant laboratories for 
accreditation to the ISO/IEC FDIS 15408 and CEM standards will commerce 
on or about June 30, 1999. Laboratories wishing to be accredited in the 
first group must submit an application form and pay all required fees. 
Laboratories whose applications are received will be considered on a 
when-received basis. The fees are partially refundable if the 
laboratory's application is withdrawn before its evaluation begins.

ADDRESSES: Laboratories may obtain applications for accreditation for 
Common Criteria Testing (CCT) by calling 301-975-4016 or by writing to: 
Information Technology Security Testing (ITST) Program Manager, NIST/
NVLAP, 100 Bureau Drive, Stop 2140, Gaithersburg, Maryland 20899-2140.

FOR FURTHER INFORMATION CONTACT: James L. Cigler, Chief, National 
Voluntary Laboratory Accreditation Program (NVLAP), NIST, 100 Bureau 
Drive, Stop 2140, Gaithersburg, Maryland 20899-2140. Telephone: 301-
975-4016.

SUPPLEMENTARY INFORMATION:

Background

    This notice is issued in accordance with the NVLAP Procedures and 
General Requirements (15 CFR Part 285). A request for establishment of 
the NVLAP Information Technology Security Testing Program and the 
inclusion of Common Criteria Testing in that program was published in 
the Federal Register on Wednesday, February 17, 1999, 64 FR 7859-7861. 
At the end of the comment period, May 3, 1999, only one comment was 
received that did not pertain to the establishment of the program.

Common Criteria Testing

    NVLAP will accredit laboratories which demonstrate their competence 
to perform Common Criteria Testing (CCT) in accordance with protocols 
specified in ISO/IEC FDIS 15408 and the draft CEM standard.

Cryptographic Modules Testing

    NVLAP currently offers accreditation for laboratories conducting 
testing to Federal Information Processing Standard (FIPS) 140-1 for 
Cryptographic Modules. This offering will be continued as part of the 
development of the new Information Technology Security Testing (ITST) 
program.

Technical Requirements for the Accreditation Process

    Specific requirements and criteria address quality systems, staff, 
facilities and equipment, calibrations, test methods and procedures, 
manuals, records, and test reports. Laboratory competence will be 
determined through: (1) On-site assessments of the laboratory by peer 
assessors, (2) evaluation of background of personnel performing Common 
Criteria Testing, (3) review of quality and technical documentation, 
and (4) proficiency testing. Laboratories must meet all NVLAP criteria 
and requirements in order to become accredited.
    Laboratories which apply for accreditation and pay all necessary 
fees will be required to meet proficiency testing requirements and on-
site assessment requirements before initial accreditation can be 
granted, and will be required to meet ongoing proficiency testing 
requirements and periodic reassessments to retain accreditation.
    Notwithstanding any other provision of law, no person is required 
to respond to nor shall a person be subject to a penalty for failure to 
comply with a collection of information subject to the requirements of 
the Paperwork Reduction Act unless that collection of information 
displays a currently valid OMB Control Number. The NVLAP application is 
approved by the Office of Management and Budget under OMB Control No. 
0693-0003.

    Dated: July 6, 1999.
Karen H. Brown,
Deputy Director.
[FR Doc. 99-17661 Filed 7-9-99; 8:45 am]
BILLING CODE 3510-13-M