The FISMA Focus IPD

Table of Contents Back to Top

• DATES:
• ADDRESSES:
• FOR FURTHER INFORMATION CONTACT:
• SUPPLEMENTARY INFORMATION:

DATES: Back to Top

Comments on the proposed withdrawal of the FIPS must be received no later than 5 p.m. Eastern Time on March 2, 2015.

ADDRESSES: Back to Top

Written comments concerning the withdrawal of the FIPS should be sent to Information Technology Laboratory, ATTN: Proposed Withdrawal of 6 FIPS, National Institute of Standards and Technology, 100 Bureau Drive, Mail Stop 8930, Gaithersburg, MD 20899-8930.

Electronic comments should be sent to: fipswithdrawal@nist.gov.

Information about the FIPS is available on the NIST Web pages http://csrc.nist.gov/publications/PubsFIPS.html.

Comments received in response to this notice will be published electronically at http://csrc.nist.gov/publications/PubsFIPS.html without change or redaction, so commenters should not include information they do not wish to be posted (e.g., personal or confidential business information).

FOR FURTHER INFORMATION CONTACT: Back to Top

Ms. Diane Honeycutt, telephone (301) 975-8443, National Institute of Standards and Technology, 100 Bureau Drive, MS 8930, Gaithersburg, MD 20899-8930 or via email at dhoneycutt@nist.gov.

SUPPLEMENTARY INFORMATION: Back to Top

The following Federal Information Processing Standards (FIPS) Publications are proposed for withdrawal from the FIPS series:

FIPS 181, Automated Password Generator,

FIPS 185, Escrowed Encryption Standard,

FIPS 188, Standard Security Label for Information Transfer,

FIPS 190, Guideline for the Use of Advanced Authentication Technology Alternatives,

FIPS 191, Guideline for the Analysis of Local Area Network Security, and

FIPS 196, Entity Authentication using Public Key Cryptography.

These FIPS are being proposed for withdrawal because they are obsolete or have not been updated to adopt current voluntary industry standards, federal specifications, or federal data standards. Federal agencies are responsible for using current voluntary industry standards and current federal specifications and data standards in their acquisition and management activities.

The Information Technology Management Reform Act of 1996 (Division E of Pub. L. 104-106) and Executive Order 13011 emphasize agency management of information technology and Government-wide interagency support activities to improve productivity, security, interoperability, and coordination of Government resources. Under the National Technology Transfer and Advancement Act of 1995 (Pub. L. 104-113) Federal agencies and departments are directed to use technical standards that are developed or adopted by voluntary consensus standards bodies, using such technical standards as a means to carry out policy objectives or activities determined by the agencies and departments. Voluntary industry standards are the preferred source of standards to be used by the Federal government. The use of voluntary industry standards eliminates the cost to the government of developing its own standards, and furthers the policy of reliance upon the private sector to supply goods and services to the government.

FIPS 181, FIPS 190 and FIPS 196 are Federal standards on electronic authentication technologies. NIST proposes withdrawing these standards because they reference withdrawn cryptographic standards and newer guidance has been developed based on modern technologies.

FIPS 191 is being withdrawn because new technologies, techniques and threats to computer networks have made the standard obsolete.

FIPS 185 is being withdrawn because it references a cryptographic algorithm that is no longer approved for U.S. government use. FIPS 185, Escrowed Encryption Standard, specifies use of a symmetric-key encryption (and decryption) algorithm (SKIPJACK) and a Law Enforcement Access Field (LEAF) creation method which was intended to support lawfully authorized electronic surveillance. The SKIPJACK algorithm is no longer approved to protect sensitive government information, and NIST recommends the use of newer techniques for data security based on current algorithms.

NIST proposes the withdrawal of FIPS 188 because it is a Federal data standard that is now maintained, updated and kept current by Federal government agencies other than NIST. Executive Order 13556 “Controlled Unclassified Information” assigns the responsibility for this data standard to the National Archives and Records Administration, and it is available through their Web pages.

Should the Secretary of Commerce approve the withdrawal of these FIPS, NIST will keep references to the withdrawn FIPS on its FIPS Web pages and will link to current versions of these standards and specifications where appropriate.

Withdrawal means that these FIPS would no longer be part of a subscription service that is provided by the National Technical Information Service and federal agencies will no longer be required to comply with these FIPS. NIST will continue to provide relevant information on standards and guidelines by means of electronic dissemination methods.

Comments received in response to this notice will be published electronically at http://csrc.nist.gov/publications/PubsFIPS.html without change or redaction, so commenters should not include information they do not wish to be posted (e.g., personal or confidential business information).