27 June 2001
Source: http://www.access.gpo.gov/su_docs/aces/fr-cont.html
-------------------------------------------------------------------------
[Federal Register: June 27, 2001 (Volume 66, Number 124)]
[Notices]
[Page 34154-34155]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr27jn01-48]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No. 980911236-0314-03]
RIN 0693-ZA22
Announcing Approval of Federal Information Processing Standard
(FIPS) 140-2, Security Requirements for Cryptographic Modules
AGENCY: National Institute of Standards and Technology (NIST),
Commerce.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The Secretary of Commerce approves FIPS 140-2, Security
Requirements for Cryptographic Modules, which supersedes FIPS Standard
140-1, and makes it compulsory and binding on Federal agencies for the
protection of sensitive, unclassified information. FIPS 140-1, which
was first published in 1994, specified that it would be reviewed within
five years. FIPS 140-2 is the result of the review and replaces FIPS
140-1.
DATE: This standard is effective November 25, 2001.
FOR FURTHER INFORMATION CONTACT: Mr. Ray Snouffer, (301) 975-4436,
National Institute of Standards and Technology, 100 Bureau Drive, STOP
8930, Gaithersburg, MD 20899-8930.
A copy of FIPS 140-2 is available electronically from the NIST
website at:
http://csrc.nist.gov/cryptval/
SUPPLEMENTARY INFORMATION: FIPS 140-1, Security Requirements for
Cryptographic Modules, first issued in 1994, identified requirements
for four security levels for cryptographic modules to provide for a
wide spectrum of data sensitivity (e.g., low value administrative data,
million dollar funds transfers, and life protecting data), and a
diversity of application environments. Over 140 modules have been
tested by accredited private-sector laboratories and validated to-date
as conforming to this standard. The standard provided that it be
reviewed within five years to consider its continued usefulness and to
determine whether new or revised requirements should be added.
A notice was published in the Federal Register (63 FR 56910) on
October 23, 1998, soliciting public comments on reaffirming FIPS 140-1.
The comments supported reaffirming FIPS 140-1 with technical
modifications to address advances in technology since FIPS 140-1 was
issued. A notice was published in the Federal Register (64 FR 62654) on
November 17, 1999, soliciting public comments on proposed FIPS 140-2, a
revision of FIPS 140-1 making such technical modifications. The
comments received (available at http://csrc.nist.gov/cryptval/)
supported the issuance of proposed FIPS 140-2 with technical and
editorial changes. None of them opposed the proposed revision of FIPS
140-1.
The Secretary of Commerce, after making appropriate revisions to
proposed FIPS 140-2, approves it, and makes it compulsory and binding
on Federal agencies for the protection of sensitive, unclassified
information.
Authority: Under Section 5131 of the Information Technology
Management Reform Act of 1996 and the Computer Security Act of 1987,
the Secretary of Commerce is authorized to approve standards and
guidelines for the cost effective security and privacy of sensitive
information processed by federal computer systems.
E.O. 12866: This notice has been determined to be significant for
the purposes of E.O. 12866.
Dated: June 21, 2001.
Karen H. Brown,
Acting Director, NIST.
[FR Doc. 01-16186 Filed 6-26-01; 8:45 am]
BILLING CODE 3510-CN-M
----------------------------------------------------------------------
[Federal Register: June 27, 2001 (Volume 66, Number 124)]
[Notices]
[Page 34155]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr27jn01-49]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
Cryptographic Key Management Workshop
AGENCY: National Institute of Standards and Technology (NIST),
Commerce.
ACTION: Notice of public workshop.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
announces a workshop to discuss the development of Cryptographic Key
Management guidance for Federal Government applications. The workshop
will be held to review and discuss draft documentation that will be
available prior to the workshop.
DATES: The Key Management Workshop will be held on November 1-2, 2001,
from 9 a.m. to 5 p.m.
ADDRESSES: The Key Management workshop will be held in the
Administration Building (Bldg. 101), Lecture Room A, National Institute
of Standards and Technology, Gaithersburg, MD.
FOR FURTHER INFORMATION CONTACT: Further information may be obtained
from the Key Management web site at http://www.nist.gov/kms or by
contacting Elaine Barker, National Institute of Standards and
Technology, Building 100 Bureau Drive, Stop 8930, Gaithersburg, MD
20899-8930; telephone 301-975-2911; Fax 301-948-1233, or email
ebarker@nist.gov.
SUPPLEMENTARY INFORMATION: Electronic Commerce needs well-established
cryptographic schemes that can provide such services as data integrity
and confidentiality. Symmetric encryption schemes such as Triple DES,
as defined in FIPS 46-3, and the Advanced Encryption Standard (AES)
make attractive choices for the provision of these services. Systems
using symmetric techniques are efficient, and their security
requirements are well understood. Furthermore, these schemes have been
or will be standardized to facilitate interoperability between systems.
However, the implementation of such schemes requires the establishment
of a shared secret key in advance. As the size of a key management
system or the number of entities using a system grows, the need for key
establishment can lead to a key management problem.
In 1997, NIST announced plans to develop a public key-based key
management standard and solicited comments from the public. In February
of 2000, a public workshop was held to examine key establishment
techniques that are currently available and to discuss the approach to
the development of a Key Management Standard for Federal Government
use. The workshop attendees suggested (1) the development of a
"framework" document that discusses the documents to be developed and
their proposed content, (2) the identification of key establishment
schemes, and (3) the development of key management guidance.
Following the workshop, the framework document was prepared and
made available for review on the Key Management web page
(http://www.nist.gov/kms). A key establishment scheme definition document and a
key management guidance document are currently under development.
Initial drafts of these documents will be made available on the Key
Management web page at least one month prior to the workshop and will
be the subjects under discussion during that workshop.
For planning purposes, advance registration is encouraged. To
register, please fax your name, address, telephone, fax and e-mail
address to 301-926-2733 (Attn: Key Management Workshop) by October 19,
2000. Registration questions should be addressed to Vickie Harris on
301-975-2034. Registration will also be available at the door, space
permitting. The workshop will be open to the public and is free of
charge.
Authority: This work is being initiated pursuant to NIST's
responsibilities under the Computer Security Act of 1987, the
Information Technology Management Reform Act of 1996, Executive
Order 13011, and OMB Circular A-130.
Dated: June 21, 2001.
Karen H. Brown,
Acting Director, NIST.
[FR Doc. 01-16187 Filed 6-26-01; 8:45 am]
BILLING CODE 3510-CN-M