[Federal Register Volume 64, Number 221 (Wednesday, November 17, 1999)]
[Notices]
[Pages 62654-62655]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-30051]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology
[Docket No. 980911236-9246-02]
RIN 0693-ZA 22


Announcing Draft Federal Information Processing Standard (FIPS) 
140-2, Security Requirements for Cryptographic Modules, and Request for 
Comments

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION: Notice; request for comments.

-----------------------------------------------------------------------

SUMMARY: This notice announces Draft Federal Information Processing 
Standard 140-2, Security Requirements for Cryptographic Modules, for 
public review and comment. The draft

[[Page 62655]]

standard, designated ``Draft FIPS 140-2,'' is proposed to supersede 
FIPS 140-1.
    FIPS 140-1, first published in 1994, specified that it be reviewed 
within five years. In 1998, NIST solicited public comments on 
reaffirming the standard. The comments received by NIST supported 
maintaining the standard. The comments also supported updating the 
standard due to advances in technology. The proposed revision (Draft 
FIPS 140-2) is now available for public review and comment.
    Prior to the submission of this proposed standard to the Secretary 
of Commerce for review and approval, it is essential that consideration 
is given to the needs and views of the public, users, the information 
technology industry, and Federal, State and local government 
organizations. The purpose of this notice is to solicit such views.

DATES: Comments must be received on or before February 15, 2000.

ADDRESSES: Written comments may be sent to: Chief, Computer Security 
Division, Information Technology Laboratory, Attention: Comments on 
Draft FIPS 140-2, 100 Bureau Drive--Stop 8930, National Institute of 
Standards and Technology, Gaithersburg, MD 20899-8930.
    Electronic comments may also be sent to: ``Proposed140-
[email protected].''
    Copies of the current FIPS 140-1 and its proposed replacement, 
Draft FIPS 140-2, are available from the Computer Security Division, 
Information Technology Laboratory, 100 Bureau Drive--Stop 8930, 
National Institute of Standards and Technology, Gaithersburg, MD 20899-
8930. They are also available electronically at: http://csrc.nist,gov/
fips/. Comments received in response to this notice will be published 
electronically at http://csrc.nist.gov/cryptval/.

FOR FURTHER INFORMATION CONTACT: Mr. Ray Snouffer, Computer Security 
Division, 100 Bureau Drive, Stop 8930, National Institute of Standards 
and Technology, Gaithersburg, MD 20899-8930, telephone (301) 975-4436.

SUPPLEMENTARY INFORMATION: FIPS 140-1, Security Requirements for 
Cryptographic Modules, first issued in 1994, identifies requirements 
for four security levels for cryptographic modules to provide for a 
wide spectrum of data sensitivity (e.g., low value administrative data, 
million dollar funds transfers, and life protecting data), and a 
diversity of application environments. Over 60 modules have been tested 
by accredited private-sector laboratories and validated to-date as 
conforming to this standard. The standard provided that it be reviewed 
within five years to consider its continued usefulness and whether new 
or revised requirements should be added.
    A notice was published in the Federal Register (Volume 63, Number 
205) on October 23, 1998, soliciting public comments on reaffirming the 
standard. The comments (available at http://csrc.nist.gov/cryptval/) 
supported reaffirmation of the standard, but suggested technical 
modifications to address advances in technology since the standard was 
originally issued. Using these comments, NIST prepared by Draft FIPS 
140-2.

    Authority: NIST's activities to develop computer security 
standards to protect Federal sensitive (unclassified) systems are 
undertaken pursuant to specific responsibilities assigned to NIST in 
section 5131 of the Information Technology Management Reform Act of 
1996 (Pub. L. 104-106), the Computer Security of 1987 (Pub. L. 100-
235), and Appendix III to Office of Management and Budget Circular 
A-130.

    Dated: November 11, 1999.
Karen H. Brown,
Deputy Director, National Institute of Standards and Technology.
[FR Doc. 99-30051 Filed 11-16-99; 8:45 am]
BILLING CODE 3510-CN-M