3 September 1999
Source: http://www.access.gpo.gov/su_docs/aces/fr-cont.html

-------------------------------------------------------------------------

[Federal Register: September 3, 1999 (Volume 64, Number 171)]
[Notices]
[Page 48432]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr03se99-111]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF JUSTICE

Justice Management Division


Notice of FIPS Waiver

AGENCY: Department of Justice.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The Chief Information Officer for the Department of Justice
has granted a waiver to the Agency to use the cryptographical features
provided in Entrust/Authority,<SUP>TM</SUP> Entrust/
Entelligence,<SUP>TM</SUP> and Entrust/Client,<SUP>TM</SUP> by Entrust
Technologies, Inc., in lieu of the Data Encryption Standard (FIPS Pub
46-2).

DATES: This waiver was approved on May 25, 1999.

ADDRESSES: U.S. Department of Justice, Justice Management Division,
Information Resources Management, 10th and Constitution Avenue NW,
Washington, DC 20530.

FOR FURTHER INFORMATION CONTACT: Richard Bowler, Information Management
and Security Staff, U.S. Department of Justice, National Place
Building, Suite 1220, 1331 Pennsylvania Avenue, NW, Washington, DC
20530, email: richard.w.bowler@usdoj.gov, voice: 202-616-1171, fax:
202-616-5455.

SUPPLEMENTARY INFORMATION: The Federal Information Processing Standards
Publication (FIPS Pub) 46-2 entitled ``Data Encryption Standard (DES)''
requires the use of DES, other FIPS-approved methods of encryption
(FIPS 185 Escrowed Encryption Standard) or methods approved for
classified information, where encryption of sensitive but unclassified
information is deemed necessary. The Department plans to conduct
testing of several public key encryption and digital signature
prototypes using Entrust/Authority,<SUP>TM</SUP> Entrust/
Entelligence,<SUP>TM</SUP> and Entrust/Client,<SUP>TM</SUP> by Entrust
Technologies, Inc. The Entrust products are not compliant with FIPS 46-
2, other FIPS-approved methods of encryption or for use with classified
information. Accordingly, a waiver is required if the Entrust products
are utilized.
    The domestic versions of Entrust's Entelligence <SUP>TM</SUP> and
Client <SUP>TM</SUP> products use the CAST-128 encryption algorithm for
the storage of user profile information at the client's desktop. CAST-
128 has not been approved by the National Institute of Standards and
Technology. Additionally, in order to provide stronger security than
that currently required under FIPS Pub 46-2, the Department will
utilize Triple DES provided in Entrust's Authority,<SUP>TM</SUP>
Entelligence,<SUP>TM</SUP> and Client.<SUP>TM</SUP>
    The Department of Justice's Chief Information Officer has
determined that compliance with FIPS 46-2 would adversely affect the
accomplishment of the mission of the Department. Accordingly, he has
granted a waiver of the FIPS to allow the Department to use these
Entrust products. The tests will involve approximately 200 users and
will be conducted over a period of six months. Actual data as opposed
to test data will be transmitted during the six month test.
    In accordance with FIPS Pub 46-2, notice of this waiver will be
sent to the National Institute of Standards and Technology, the
Committee on Government Reform and Oversight of the United States House
of Representatives, and the Committee on Governmental Affairs of the
United States Senate.

    Dated: August 17, 1999.
Stephen R. Colgate,
Assistant Attorney General for Administration.
[FR Doc. 99-22968 Filed 9-2-99; 8:45 am]
BILLING CODE 4410-26-M