Proposed Reaffirmation of Federal Information Processing Standard (FIPS) 140-1,
Security Requirements for Cryptographic Modules

ACTION: Notice: request for comments.

SUMMARY: The purpose of this notice is to announce NIST's five-year review of FIPS 140-1, Security Requirements for Cryptographic Modules, for Federal agency use. FIPS 140-1 was first issued in 1994. The standard identifies requirements for four security levels for cryptographic modules to provide for a wide spectrum of data and a diversity of application environments. The standard provided that it be reviewed within five (5) years to consider its usefulness and new or revised requirements that may be needed to meet technological and economic changes.

DATES: Comments on this review of FIPS 140-1 must be received on or before January 21, 1999.

ADDRESSES: Written comments concerning this standard should be sent to:

• Information Technology Laboratory
• ATTN: Review of FIPS 140-1
• Bldg. 820, Room 562
• National Institute of Standards and Technology
• Gaithersburg, MD 20899.

Comments may also be sent via e-mail. All comments, written and electronic, will be published on the NIST web site http://csrc.nist.rip/cryptval.

FOR FURTHER INFORMATION CONTACT:  Mr. Miles Smid (301) 975-2938, National Institute of Standards and Technology, Gaithersburg, MD 20899.

SUPPLEMENTARY INFORMATION: FIPS 140-1, Security Requirements for Cryptographic Modules, first issued in 1994, identifies requirements for four security levels for cryptographic modules to provide for a wide spectrum of data sensitivity (e.g., low value administrative data, million dollar funds transfers, and life protecting data), and a diversity of application environments. The standard provided that it be reviewed within five (5) years to consider its usefulness and new or revised requirements that may be needed to meet technological and economic changes.

Interested parties may order a copy of FIPS 140-1 from the National Technical Information Service (NTIS), 5285 Port Royal Road, Springfield, VA 22161. Telephone (703) 487-1650. Copies of FIPS 140-1 may also be downloaded from http://csrc.nist.rip/publications//fips.

Comments from industry, government agencies, and the public are invited on the following alternatives for FIPS 140-1:

• Reaffirm the standard for another five (5) years. NIST would continue to support the validation of cryptographic modules that implement the standard. FIPS 140-1 would continue to be an approved method for protecting unclassified information.

• Revise the applicability and/or implementation statements of the standard. Please include specific recommendations. If a revision is necessary, NIST will continue to support the FIPS 140-1 validation program until the revision is approved.

Comments on other proposed recommendations would also be welcomed.

Authority: Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and technology after approval by the Secretary of Commerce pursuant to Section 5131 of the Information Technology Management Reform Act of 1996 and the computer Security of 1987, Public Law 104-106.

Dated: October 19, 1998.

/s/

Robert E. Hebner,
Acting Deputy Director.

[FR Doc. 98-28513 Filed 10-22-98; 8:45 am]
BILLING CODE 3510-CN-M

Last Update: January 25, 2001
Computer Security Division
National Institute of Standards and Technology