[Federal Register Volume 66, Number 124 (Wednesday, June 27, 2001)]
[Notices]
[Pages 34154-34155]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 01-16186]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket No. 980911236-0314-03]
RIN 0693-ZA22


Announcing Approval of Federal Information Processing Standard 
(FIPS) 140-2, Security Requirements for Cryptographic Modules

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The Secretary of Commerce approves FIPS 140-2, Security 
Requirements for Cryptographic Modules, which supersedes FIPS Standard 
140-1, and makes it compulsory and binding on Federal agencies for the 
protection of sensitive, unclassified information, FIPS 140-1, which 
was first published in 1994, specified that it would be reviewed within 
five years. FIPS 140-2 is the result of the review and replaces FIPS 
140-1.

DATE: This standard is effective November 25, 2001.

FOR FURTHER INFORMATION CONTACT: Mr. Ray Snouffer, (301) 975-4436, 
National Institute of Standards and Technology, 100 Bureau Drive, STOP 
8930, Gaithersburg, MD 20899-8930.
    A copy of FIPS 140-2 is available electronically from the NIST 
website at:
http://csrc.nist.gov/cryptval/>

SUPPLEMENTARY INFORMATION: FIPS 140-1, Security Requirements for 
Cryptographic Modules, first issued in 1994, identified requirements 
for four security levels for cryptographic modules to provide for a 
wide spectrum of data sensitivity (e.g., low value administrative data, 
million dollar funds transfers, and life protecting data), and a 
diversity of application environments. Over 140 modules have been 
tested by accredited private-sector laboratories and validated to-date 
as conforming to this standard. The standard provided that it be 
reviewed within five years to consider its continued usefulness and to 
determine whether new or revised requirements should be added.

[[Page 34155]]

    A notice was published in the Federal Register (63 FR 56910) on 
October 23, 1998, soliciting public comments on reaffirming FIPS 140-1. 
The comments supported reaffirming FIPS 140-1 with technical 
modifications to address advances in technology since FIPS 140-1 was 
issued. A notice was published in the Federal Register (64 FR 62654) on 
November 17, 1999, soliciting public comments on proposed FIPS 140-2, a 
revision of FIPS 140-1 making such technical modifications. The 
comments received (available at http://csrc.nist.gov/cryptval/) 
supported the issuance of proposed FIPS 140-2 with technical and 
editorial changes. None of them opposed the proposed revision of FIPS 
140-1.
    The Secretary of Commerce, after making appropriate revisions to 
proposed FIPS 140-2, approves it, and makes it compulsory and binding 
on Federal agencies for the protection of sensitive, unclassified 
information.

    Authority: Under Section 5131 of the Information Technology 
Management Reform Act of 1996 and the Computer Security Act of 1987, 
the Secretary of Commerce is authorized to approve standards and 
guidelines for the cost effective security and privacy of sensitive 
information processed by federal computer systems.

    E.O. 12866: This notice has been determined to be significant for 
the purposes of E.O. 12866.

    Dated: June 21, 2001.
Karen H. Brown,
Acting Director, NIST.
[FR Doc. 01-16186 Filed 6-26-01; 8:45 am]
BILLING CODE 3510-CN-M