12 July 1999 Source: http://www.access.gpo.gov/su_docs/aces/fr-cont.html ------------------------------------------------------------------------- [Federal Register: July 12, 1999 (Volume 64, Number 132)] [Notices] [Page 37511] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr12jy99-39] ----------------------------------------------------------------------- DEPARTMENT OF COMMERCE National Institute of Standards and Technology [Docket No: 981029270-9156-02] RIN 0693-ZA26 National Voluntary Laboratory Accreditation Program AGENCY: National Institute of Standards and Technology (NIST), Commerce. ACTION: Notice. ----------------------------------------------------------------------- SUMMARY: Under the National Voluntary Laboratory Accreditation Program (NVLAP), the National Institute of Standards and Technology (NIST) announces the establishment of an accreditation program for laboratories that perform Information Technology (IT) Security Testing in accordance with the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme based on: (1) ISO/IEC FDIS 15408, and (2) Common Evaluation Methodology for Information Technology Security (CEM), an International draft. DATES: The evaluation of an initial group of applicant laboratories for accreditation to the ISO/IEC FDIS 15408 and CEM standards will commerce on or about June 30, 1999. Laboratories wishing to be accredited in the first group must submit an application form and pay all required fees. Laboratories whose applications are received will be considered on a when-received basis. The fees are partially refundable if the laboratory's application is withdrawn before its evaluation begins. ADDRESSES: Laboratories may obtain applications for accreditation for Common Criteria Testing (CCT) by calling 301-975-4016 or by writing to: Information Technology Security Testing (ITST) Program Manager, NIST/ NVLAP, 100 Bureau Drive, Stop 2140, Gaithersburg, Maryland 20899-2140. FOR FURTHER INFORMATION CONTACT: James L. Cigler, Chief, National Voluntary Laboratory Accreditation Program (NVLAP), NIST, 100 Bureau Drive, Stop 2140, Gaithersburg, Maryland 20899-2140. Telephone: 301- 975-4016. SUPPLEMENTARY INFORMATION: Background This notice is issued in accordance with the NVLAP Procedures and General Requirements (15 CFR Part 285). A request for establishment of the NVLAP Information Technology Security Testing Program and the inclusion of Common Criteria Testing in that program was published in the Federal Register on Wednesday, February 17, 1999, 64 FR 7859-7861. At the end of the comment period, May 3, 1999, only one comment was received that did not pertain to the establishment of the program. Common Criteria Testing NVLAP will accredit laboratories which demonstrate their competence to perform Common Criteria Testing (CCT) in accordance with protocols specified in ISO/IEC FDIS 15408 and the draft CEM standard. Cryptographic Modules Testing NVLAP currently offers accreditation for laboratories conducting testing to Federal Information Processing Standard (FIPS) 140-1 for Cryptographic Modules. This offering will be continued as part of the development of the new Information Technology Security Testing (ITST) program. Technical Requirements for the Accreditation Process Specific requirements and criteria address quality systems, staff, facilities and equipment, calibrations, test methods and procedures, manuals, records, and test reports. Laboratory competence will be determined through: (1) On-site assessments of the laboratory by peer assessors, (2) evaluation of background of personnel performing Common Criteria Testing, (3) review of quality and technical documentation, and (4) proficiency testing. Laboratories must meet all NVLAP criteria and requirements in order to become accredited. Laboratories which apply for accreditation and pay all necessary fees will be required to meet proficiency testing requirements and on- site assessment requirements before initial accreditation can be granted, and will be required to meet ongoing proficiency testing requirements and periodic reassessments to retain accreditation. Notwithstanding any other provision of law, no person is required to respond to nor shall a person be subject to a penalty for failure to comply with a collection of information subject to the requirements of the Paperwork Reduction Act unless that collection of information displays a currently valid OMB Control Number. The NVLAP application is approved by the Office of Management and Budget under OMB Control No. 0693-0003. Dated: July 6, 1999. Karen H. Brown, Deputy Director. [FR Doc. 99-17661 Filed 7-9-99; 8:45 am] BILLING CODE 3510-13-M