1 March 2011

Federal Transition to Secure Hash Algorithm (SHA)-256

http://www.ofr.gov/OFRUpload/OFRData/2011-04662_PI.pdf

[FR Doc. 2011-4662 Filed 03/01/2011 at 8:45 am; Publication
Date: 03/02/2011]

DEPARTMENT OF DEFENSE
GENERAL SERVICES ADMINISTRATION
NATIONAL AERONAUTICS AND SPACE ADMINISTRATION

[FAR-N-2011-01; Docket No. 2011-0083; Sequence 1]

Federal Transition to Secure Hash Algorithm (SHA)-256

AGENCIES: Department of Defense (DoD), General Services
Administration (GSA), and National Aeronautics and Space
Administration (NASA).

ACTION: Notice of public meeting.

SUMMARY: The Civilian Agency Acquisition Council, and the
Defense Acquisition Regulations Council, (Councils) are
hosting the first of at least two public meetings to start
a dialogue with industry and Government agencies about ways
for the acquisition community to transition to Secure Hash
Algorithm SHA-256. SHA-256 is a cryptographic hash
function that is used in digital signatures, and
authentication protocols.

DATES: Public Meeting: A public meeting will be held on
March 18, 2011, from 9:00 a.m. to 12:00 p.m. EST.
Attendees should register for the public meeting at least 1
week in advance to ensure adequate room accommodations.
Registrants will be given priority if room constraints
require limits on attendance. At the March 18th meeting,
two briefings will be provided on SHA-256. One will be at
the agency level, and the other at the Federal level.
Public comments will be solicited after a subsequent second
public meeting.

Special Accommodations: The public meeting is
physically accessible to people with disabilities.
Requests for sign language interpretation or other
auxiliary aids should be directed to Mr. Edward Loeb,
telephone (202) 501-0650, at least 5 working days prior to
the meeting date.

ADDRESSES: Public Meeting: The public meeting will be
held in the General Services Administration (GSA)
Multipurpose Room, 2nd floor, One Constitution Square, 1275
First Street, NE., Washington, DC 20417. Interested
parties may register by faxing the following information to
the GSA at (202) 501-4067, or email edward.loeb@gsa.gov by
March 11, 2011:

(1) Company or Organization Name;
(2) Names of persons attending; and
(3) Last four digits of the social security number of
persons attending.

Please cite “Federal Transition to Secure Hash Algorithm
SHA-256” in all correspondence related to this public
meeting.

FOR FURTHER INFORMATION CONTACT: For clarification of
content, contact Mr. Edward Loeb, Procurement Analyst, at
(202) 501-0650. For information pertaining to status or
publication schedules, contact the Regulatory Secretariat
at (202) 501-4755. Please cite "Federal Transition to
Secure Hash Algorithm SHA-256."

SUPPLEMENTARY INFORMATION:

The Federal environment uses SHA-1 for generating
digital signatures. Current information systems, Web
servers, applications and workstation operating systems
were designed to process, and use SHA-1 generated
signatures. National Institute of Standards and Technology
(NIST) SP (Special Publication) 800-57, Recommendation for
Key Management – Part 1, (the first document); and NIST SP
800-78-3, Cryptographic Algorithms and Key Sizes for
Personal Identification Verification (PIV), at
http://csrc.nist.gov/publications/PubsSPs.html, provide for
the use of SHA-256 in all digital signatures generated.
NIST has issued guidance for transition to stronger
cryptographic keys, and more robust algorithms by December
2013.

Government systems may begin to encounter certificates
signed with SHA-256, and in most cases it is unclear
whether the Government systems will continue to function
correctly.

Dated: February 24, 2011

Millisa Gary,
Acting Director,
Office of Governmentwide
Acquisition Policy.

[BILLING CODE 6820-EP]