SUMMARY: Federal Information Processing Standard 46, Data Encryption Standard, issued in 1977, provides an algorithm to be implemented in electronic hardware devices and used for the cryptographic protection of computer data. The standard provided that it be reviewed within five (5) years to assess its adequacy. The first review was completed in 1983, and the standard was reaffirmed for Federal government use (48 FR 41062 dated September 13, 1983). The second review was completed in 1987, and the standard was reaffirmed for Federal government use
(52-FR 7006).

The purpose of this notice is to announce the review to assess the continued adequacy of the standard to protect computer data. Comments from industry and the public are invited on
the following alternatives for FIPS 46-1. The costs (impacts) and benefits of these alternatives should be included in the comments:

• Reaffirm the standard for another five years. NIST would continue to validate equipment that implements the standard. FIPS 46-1 would continue to be the only approved method for protecting unclassified computer data;
• Withdraw the standard. NIST would no longer continue to support the standard. Organizations could continue to utilize existing equipment that implements the standard. Other standards could be issued by NIST as a replacement for the DES; or
• Revise the applicability and/or implementation statements of the standard. Such revisions could include changing the standard to allow the use of implementations of the DES in software as well as hardware; to allow the iterative use of the DES in specific applications; to allow the use of alternative algorithms that are approved and registered by NIST.

Comments were due to NIST by December 10, 1992.

[Citation: 57 FR 41727]