[Federal Register Volume 65, Number 227 (Friday, November 24, 2000)]
[Notices]
[Page 70568]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 00-29877]


-----------------------------------------------------------------------

ENVIRONMENTAL PROTECTION AGENCY

[FRL-6905-4]


Federal Information Processing Standards (FIPS); Extension of 
Waiver

ACTION: Notice of FIPS waiver.

-----------------------------------------------------------------------

SUMMARY: The Chief Information Officer for the Environmental Protection 
Agency (EPA) has granted an extension to the waiver (published October 
1, 1998, at 63 FR 52693) authorizing the Agency to continue to use the 
cryptographic features in the commercial software application, Travel 
Manager Plus. The software's cryptographic features do not comply with 
Federal Information Processing Standards: 46-3, Data Encryption Standard 
(DES); 140-1, Security Requirements for Cryptographic Modules; 180-1, 
Secure Hash Standard; and 186-2, Digital Signature Standard. This 
waiver is being issued pursuant to the Federal Property and 
Administrative Services Act of 1949, as amended, 40 U.S.C. 1441.

DATES: This waiver extension takes effect on November 24, 2000 and 
expires on January 1, 2004.

FOR FURTHER INFORMATION CONTACT: Mark Day, Director, Office of 
Technology, Operations, and Planning, Office of Environmental 
Information, 401 M Street SW, Mail Code 2831, Washington, DC 20460, 
202-260-4465.

SUPPLEMENTARY INFORMATION: Federal Information Processing Standards 
(FIPS) 46-3, Data Encryption Standard (DES); 140-1, Security 
Requirements for Cryptographic Modules; 180-1, Secure Hash Standard; 
and 186-2, Digital Signature Standard publications establish standards 
for generating digital signatures (which can be used to verify 
authenticity) and for the encryption of sensitive information 
transmitted and stored electronically. As authorized by 40 U.S.C. 
1441(c), these FIPS publications permit Federal agencies to waive them 
under certain circumstances: A waiver may be granted if (1) compliance 
with a standard would adversely affect the accomplishment of the 
mission of an operator of a Federal computer system; or (2) compliance 
with a standard would cause a major adverse financial impact on the 
operator which is not offset by Governmentwide savings.
    Travel Manager Plus is commercial off-the-shelf (COTS) software 
that is on the General Services Administration (GSA) schedule. The 
application complies with a broad range of governmentwide requirements 
including Travel System Requirements issued by the Joint Financial 
Management Improvement Program.
    EPA plans to deploy Travel Manager Plus agency-wide so that the 
process of reimbursing EPA employees can be fully automated. In 
addition to gaining efficiencies, by dramatically shortening the 
reimbursement process cycle, the Travel Manager Plus software will help 
ensure that the Agency complies with new legal requirements that 
travelers be reimbursed promptly.
    The EPA Chief Information Officer has granted a waiver from the 
four FIPS cited above to enable EPA to continue to use the built-in 
cryptographic features in Travel Manager Plus. EPA determined that the 
cryptographic protection embedded in Travel Manager Plus provides an 
appropriate level of security to protect the unclassified information 
used, communicated, and stored on the system.
    If the Agency were to purchase and maintain FIPS-compliant 
applications for its automated travel reimbursement system, the 
additional costs would be prohibitive. By relying on the FIPS 
non-compliant cryptographic features embedded in Travel Manager Plus, EPA 
will be able to achieve a fully automated travel reimbursement system 
that has adequate and cost-effective security.
    In accordance with FIPS requirements, notice of this waiver has 
been sent to the National Institute of Standards and Technology, the 
Committee on Government Reform and Oversight of the House of 
Representatives, and the Committee on Governmental Affairs of the 
Senate.

    Dated: November 7, 2000.
Edwin A. Levine,
Interim Chief Information Officer.
[FR Doc. 00-29877 Filed 11-22-00; 8:45 am]
BILLING CODE 6560-50-P