Federal Register, Volume 80 Issue 11 (Friday, January 16, 2015)

[Federal Register Volume 80, Number 11 (Friday, January 16, 2015)]
[Notices]
[Pages 2398-2399]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-00657]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket Number 141021884-4884-01]


Proposed Withdrawal of Six Federal Information Processing 
Standards

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION: Notice; Request for comments.

-----------------------------------------------------------------------

SUMMARY: The National Institute of Standards and Technology (NIST) 
proposes to withdraw six (6) Federal Information Processing Standards 
(FIPS) from the FIPS series. The standards proposed for withdrawal are: 
FIPS 181, FIPS 185, FIPS 188, FIPS 190, FIPS 191 and FIPS 196.
    These FIPS are obsolete because they have not been updated to 
reference current or revised voluntary industry standards. They also 
are not updated to reflect the changes and modifications that have been 
made by the organizations that develop and maintain the specifications 
and data representations. In addition, FIPS 188 adopts specifications 
and data standards that are developed and maintained by other Federal 
government agencies and by voluntary industry standards organizations.
    Prior to the submission of this proposed withdrawal of FIPS to the 
Secretary of Commerce for review and approval, NIST invites comments 
from the public, users, the information technology industry, and 
Federal, State and local governments and government organizations 
concerning the withdrawal of the FIPS.

DATES: Comments on the proposed withdrawal of the FIPS must be received 
no later than 5 p.m. Eastern Time on March 2, 2015.

ADDRESSES: Written comments concerning the withdrawal of the FIPS 
should be sent to Information Technology Laboratory, ATTN: Proposed 
Withdrawal of 6 FIPS, National Institute of Standards and Technology, 
100 Bureau Drive, Mail Stop 8930, Gaithersburg, MD 20899-8930.
    Electronic comments should be sent to: [email protected].
    Information about the FIPS is available on the NIST Web pages 
http://csrc.nist.gov/publications/PubsFIPS.html.
    Comments received in response to this notice will be published 
electronically at http://csrc.nist.gov/publications/PubsFIPS.html 
without change or redaction, so commenters should not include 
information they do not wish to be posted (e.g., personal or 
confidential business information).

FOR FURTHER INFORMATION CONTACT: Ms. Diane Honeycutt, telephone (301) 
975-8443, National Institute of Standards and Technology, 100 Bureau 
Drive, MS 8930, Gaithersburg, MD 20899-8930 or via email at 
[email protected].

SUPPLEMENTARY INFORMATION: The following Federal Information Processing 
Standards (FIPS) Publications are proposed for withdrawal from the FIPS 
series:

FIPS 181, Automated Password Generator,
FIPS 185, Escrowed Encryption Standard,
FIPS 188, Standard Security Label for Information Transfer,
FIPS 190, Guideline for the Use of Advanced Authentication Technology 
Alternatives,
FIPS 191, Guideline for the Analysis of Local Area Network Security, 
and
FIPS 196, Entity Authentication using Public Key Cryptography.

    These FIPS are being proposed for withdrawal because they are 
obsolete or have not been updated to adopt current voluntary industry 
standards, federal specifications, or federal data standards. Federal 
agencies are responsible for using current voluntary industry standards 
and current federal specifications and data standards in their 
acquisition and management activities.
    The Information Technology Management Reform Act of 1996 (Division 
E of Pub. L. 104-106) and Executive Order 13011 emphasize agency 
management of information technology and Government-wide interagency 
support activities to improve productivity, security, interoperability, 
and coordination of Government resources. Under the National Technology 
Transfer and Advancement Act of 1995 (Pub. L. 104-113) Federal agencies 
and departments are directed to use technical standards that are 
developed or adopted by voluntary consensus standards bodies, using 
such technical standards as a means to carry out policy objectives or 
activities determined by the agencies and departments. Voluntary 
industry standards are the preferred source of standards to be used by 
the Federal government. The use of voluntary industry standards 
eliminates the cost to the government of developing its own standards, 
and furthers the policy of reliance upon the private sector to supply 
goods and services to the government.
    FIPS 181, FIPS 190 and FIPS 196 are Federal standards on electronic 
authentication technologies. NIST proposes withdrawing these standards 
because they reference withdrawn cryptographic standards and newer 
guidance has been developed based on modern technologies.
    FIPS 191 is being withdrawn because new technologies, techniques 
and threats to computer networks have made the standard obsolete.
    FIPS 185 is being withdrawn because it references a cryptographic 
algorithm that is no longer approved for U.S. government use. FIPS 185, 
Escrowed Encryption Standard, specifies use of a symmetric-key 
encryption (and decryption) algorithm (SKIPJACK) and a Law Enforcement 
Access Field (LEAF) creation method which was intended to support 
lawfully authorized electronic surveillance. The SKIPJACK algorithm is 
no longer approved to protect sensitive government information, and 
NIST recommends the use of newer techniques for data security based on 
current algorithms.
    NIST proposes the withdrawal of FIPS 188 because it is a Federal 
data standard that is now maintained, updated and kept current by 
Federal government agencies other than NIST. Executive Order 13556 
``Controlled Unclassified Information'' assigns the responsibility for 
this data standard to the National

[[Page 2399]]

Archives and Records Administration, and it is available through their 
Web pages.
    Should the Secretary of Commerce approve the withdrawal of these 
FIPS, NIST will keep references to the withdrawn FIPS on its FIPS Web 
pages and will link to current versions of these standards and 
specifications where appropriate.
    Withdrawal means that these FIPS would no longer be part of a 
subscription service that is provided by the National Technical 
Information Service and federal agencies will no longer be required to 
comply with these FIPS. NIST will continue to provide relevant 
information on standards and guidelines by means of electronic 
dissemination methods.
    Comments received in response to this notice will be published 
electronically at http://csrc.nist.gov/publications/PubsFIPS.html 
without change or redaction, so commenters should not include 
information they do not wish to be posted (e.g., personal or 
confidential business information).

    Authority: Federal Information Processing Standards Publications 
(FIPS PUBS) are issued by the National Institute of Standards and 
Technology after approval by the Secretary of Commerce, pursuant to 
Section 5131 of the Information Technology Management Reform Act of 
1996 (Pub. L. 104-106), and the Federal Information Security 
Management Act of 2002 (Pub. L. 107-347).

    Dated: January 6, 2015.
Richard Cavanagh,
Acting Associate Director for Laboratory Programs.
[FR Doc. 2015-00657 Filed 1-15-15; 8:45 am]
BILLING CODE 3510-13-P