[Federal Register Volume 64, Number 171 (Friday, September 3, 1999)]
[Notices]
[Page 48432]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-22968]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF JUSTICE

Justice Management Division


Notice of FIPS Waiver

AGENCY: Department of Justice.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The Chief Information Officer for the Department of Justice 
has granted a waiver to the Agency to use the cryptographical features 
provided in Entrust/Authority,TM Entrust/
Entelligence,TM and Entrust/Client,TM by Entrust 
Technologies, Inc., in lieu of the Data Encryption Standard (FIPS Pub 
46-2).

DATES: This waiver was approved on May 25, 1999.

ADDRESSES: U.S. Department of Justice, Justice Management Division, 
Information Resources Management, 10th and Constitution Avenue NW, 
Washington, DC 20530.

FOR FURTHER INFORMATION CONTACT: Richard Bowler, Information Management 
and Security Staff, U.S. Department of Justice, National Place 
Building, Suite 1220, 1331 Pennsylvania Avenue, NW, Washington, DC 
20530, email: [email protected], voice: 202-616-1171, fax: 
202-616-5455.

SUPPLEMENTARY INFORMATION: The Federal Information Processing Standards 
Publication (FIPS Pub) 46-2 entitled ``Data Encryption Standard (DES)'' 
requires the use of DES, other FIPS-approved methods of encryption 
(FIPS 185 Escrowed Encryption Standard) or methods approved for 
classified information, where encryption of sensitive but unclassified 
information is deemed necessary. The Department plans to conduct 
testing of several public key encryption and digital signature 
prototypes using Entrust/Authority,TM Entrust/
Entelligence,TM and Entrust/Client,TM by Entrust 
Technologies, Inc. The Entrust products are not compliant with FIPS 46-
2, other FIPS-approved methods of encryption or for use with classified 
information. Accordingly, a waiver is required if the Entrust products 
are utilized.
    The domestic versions of Entrust's Entelligence TM and 
Client TM products use the CAST-128 encryption algorithm for 
the storage of user profile information at the client's desktop. CAST-
128 has not been approved by the National Institute of Standards and 
Technology. Additionally, in order to provide stronger security than 
that currently required under FIPS Pub 46-2, the Department will 
utilize Triple DES provided in Entrust's Authority,TM 
Entelligence,TM and Client.TM
    The Department of Justice's Chief Information Officer has 
determined that compliance with FIPS 46-2 would adversely affect the 
accomplishment of the mission of the Department. Accordingly, he has 
granted a waiver of the FIPS to allow the Department to use these 
Entrust products. The tests will involve approximately 200 users and 
will be conducted over a period of six months. Actual data as opposed 
to test data will be transmitted during the six month test.
    In accordance with FIPS Pub 46-2, notice of this waiver will be 
sent to the National Institute of Standards and Technology, the 
Committee on Government Reform and Oversight of the United States House 
of Representatives, and the Committee on Governmental Affairs of the 
United States Senate.

    Dated: August 17, 1999.
Stephen R. Colgate,
Assistant Attorney General for Administration.
[FR Doc. 99-22968 Filed 9-2-99; 8:45 am]
BILLING CODE 4410-26-M