Announcing Development of Federal Information Processing Standard (FIPS) 140-3, a Revision of FIPS 140-2, Security Requirements for Cryptographic Modules, 2122-2123 [05-545]
Download as PDF
<![CDATA[
2122
Federal Register / Vol. 70, No. 8 / Wednesday, January 12, 2005 / Notices
Dated: January 6, 2005.
Jeffrey Anspacher,
Director, Export Trading Company Affairs.
[FR Doc. E5–88 Filed 1–11–05; 8:45 am]
BILLING CODE 3510–DR–F
DEPARTMENT OF COMMERCE
International Trade Administration
International Trade
Administration, U.S. Department of
Commerce.
ACTION: Notice of invitation to energy
industry event—Norwegian offshore
opportunities forum.
AGENCY:
March 3, 2005.
TIME: 8 a.m.
LOCATION: The Houstonian Hotel,
Houston, Texas.
SUMMARY: As part of the U.S.-Norway
Oil and Gas Industry Summit in
Houston, the Royal Norwegian Ministry
of Petroleum and Energy and the U.S.
Department of Commerce are pleased to
invite you, or a representative you
designate from your company, to a
breakfast briefing on opportunities on
the Norwegian Continental Shelf (NCS).
The briefing will provide offshore
exploration and production companies
with an overview of the resource
potential and the framework conditions
on the NCS.
Although Norway is the third largest
oil exporter in the world, only about 1⁄4
of the total estimated petroleum
resources on the NCS have been
produced. With the large quantities of
petroleum that remain to be discovered,
the NCS offers a variety of oil and gas
opportunities in both established and
frontier basins. Norway also has a well
established and competitive petroleum
industry, predictable and transparent
framework conditions, and an
approachable and skilled public
administration.
8 a.m.—Breakfast.
8:15 a.m.—Welcome and Opening
Remarks.
Ms. Thorild Widvey, Norwegian
Minister of Petroleum and Energy
Official from the U.S. Department
of Commerce.
8:30 a.m.—The Resource Potential on
the NCS.
Ms. Bente Nyland, Director,
Norwegian Petroleum Directorate.
8:45 a.m.—The Framework Conditions
on the NCS.
Mr. Gunnar Gjerde, Director General,
Norwegian Ministry of Petroleum
and Energy.
9:15 a.m.—Experiences of a U.S. Entrant
to the NCS.
DATE:
VerDate jul<14>2003
17:37 Jan 11, 2005
Jkt 205001
Steven B. Hinchman, Senior Vice
President of Worldwide Production,
Marathon Oil Corporation.
9:35 a.m.—Question and Answer
Period.
9:55 a.m.—Closing Remarks.
Official from the U.S. Department of
Commerce.
10 a.m.—Adjourn.
Please RSVP by February 18, 2005 to
Patterson Brown, U.S. Department of
Commerce, 202/482.4950, 202/482.0170
(fax), or pbrown@ita.doc.gov; or to Erik
Just Olsen, Norwegian Ministry of
Petroleum and Energy, +47 22 24 61 94
or erik-just.olsen@oed.dep.no.
Dated: January 6, 2004.
Patterson W. Brown,
International Trade Specialist, Office of
Energy and Environmental Industries.
[FR Doc. E5–71 Filed 1–11–05; 8:45 am]
BILLING CODE 3510–DR–P
DEPARTMENT OF COMMERCE
National Institute of Standards and
Technology
[Docket No. 041217352–4352–01]
Announcing Development of Federal
Information Processing Standard
(FIPS) 140–3, a Revision of FIPS 140–
2, Security Requirements for
Cryptographic Modules
National Institute of Standards
and Technology (NIST), Commerce.
ACTION: Notice; request for comments.
AGENCY:
SUMMARY: The National Institute of
Standards and Technology announces
that it plans to develop Federal
Information Processing Standard (FIPS)
140–3, which will supersede FIPS 140–
2, Security Requirements for
Cryptographic Modules. FIPS 140–2,
approved by the Secretary of Commerce
and announced in the Federal Register
(June 27, 2001, Volume 66, Number 124,
Pages 34154–34155), identifies
requirements for four levels of security
for cryptographic modules that are
utilized by Federal agencies to protect
the security of Federal information
systems. The Federal Information
Security Management Act (FISMA)
(Public Law 107–347) requires that all
Federal agencies and their contractors
use only those cryptographic-based
security systems that were validated to
FIPS 140–2 or to its predecessor, FIPS
140–1.
DATES: Comments on new and revised
requirements for FIPS 140–3 must be
received on or before Febrary 28, 2005.
ADDRESSES: Comments may be sent
electronically to FIPS140–3@nist.gov, or
PO 00000
Frm 00014
Fmt 4703
Sfmt 4703
may be mailed to Information
Technology Laboratory, ATTN:
Development of FIPS 140–3, 100 Bureau
Drive, Stop 8930, Gaithersburg, MD
20899–8930. All comments received
will be available on the NIST Web site
at: https://csrc.nist.gov/cryptval/
Mr.
Allen Roginsky (301) 975–3603,
National Institute of Standards and
Technology, 100 Bureau Drive, STOP
8930, Gaithersburg, MD 20899–8930. Email: allen.roginsky@nist.gov.
A copy of FIPS 140–2 is available
electronically from the NIST Web site
at: https://csrc.nist.gov/publications/fips/
index.html.
FOR FURTHER INFORMATION CONTACT:
FIPS 140–
2, Security Requirements for
Cryptographic Modules, superseded
FIPS 140–1, which had been issued in
1994. FIPS 140–1 specified that the
standard be reviewed within five years
to consider its continued usefulness and
to determine whether new or revised
requirements should be added. NIST
conducted a review of FIPS 140–1 in
1998–99, and the standard was
reaffirmed as FIPS 140–2 in 2001 with
technical modifications to address
technological advances that had
occurred since FIPS 140–1 had been
issued.
FIPS 140–2 identifies requirements
for four increasing, qualitative levels of
security for cryptographic modules. The
four security levels cover a wide range
of potential applications and a wide
spectrum of information types,
including data with the potential to
cause low, moderate and serious
impacts on organizations should there
be a loss of confidentiality, integrity or
availability of the data. In 1995, NIST
and the Communications Security
Establishment (CSE) of the Government
of Canada established the Cryptographic
Module Validation Program (CMVP) to
validate cryptographic modules to FIPS
140–1 and other cryptography-based
standards. Nearly 500 cryptographic
modules and many implementations of
cryptographic algorithms have been
tested by National Voluntary Laboratory
Accreditation Program (NVLAP)
accredited, independent third-party
laboratories and have been validated.
Products validated by this program are
used in Canada, the U.S., and many
other countries. Federal government
agencies are required to acquire
products that have been validated under
the CMVP when they use cryptographicbased security systems to protect their
information. The CMVP enables vendors
of cryptographic products to use a
common standard and a common testing
SUPPLEMENTARY INFORMATION:
E:\FR\FM\12JAN1.SGM
12JAN1
Federal Register / Vol. 70, No. 8 / Wednesday, January 12, 2005 / Notices
and validation process for their
products.
NIST plans to develop FIPS 140–3 to
meet the new and revised requirements
of Federal agencies for cryptographic
systems, and to address technological
and economic changes that have
occurred since the issuance of FIPS
140–2. As the first step in the
development of FIPS 140–3, NIST
invites comments from the public,
users, the information technology
industry, and Federal, State and local
government organizations concerning
the need for and recommendations for a
new standard.
NIST is especially interested in
comments on the following issues:
(1) Compatibility with industry
standards.
(2) New technology areas.
(3) Introduction of additional levels of
security.
(4) Additional requirements specific
to physical security.
(5) Portability of applications
(including operating systems) based on
platform and/or environment.
Following its review of the comments
submitted in response to this notice,
NIST will hold open, public workshops
in 2005 to discuss the development of
FIPS 140–3. These workshops will be
announced in the Federal Register with
information about participation. NIST
expects to propose FIPS 140–3 for
public review and comment before
recommending the standard to the
Secretary of Commerce for approval in
2006.
NIST will develop a plan for a
transition period for testing and
validating modules to FIPS 140–3, and
for agencies to develop plans to acquire
products that are compliant with FIPS
140–3. The transition plan will also
address the use by Federal agencies of
cryptographic modules that have been
validated for compliance to FIPS 140–1
and FIPS 140–2.
Authority: Federal Information Processing
Standards (FIPS) are issued by the National
Institute of Standards and Technology after
approval by the Secretary of Commerce
pursuant to Section 5131 of the Information
Technology Management Reform Act of 1996
and the Federal Information Security
Management Act of 2002 (Public Law 107–
347).
E.O. 12866: This notice has been
determined not to be significant for the
purposes of E.O. 12866.
Dated: January 5, 2005.
Hratch G. Semerjian,
Acting Director.
[FR Doc. 05–545 Filed 1–11–05; 8:45 am]
BILLING CODE 3510–CN–P
VerDate jul<14>2003
17:37 Jan 11, 2005
Jkt 205001
DEPARTMENT OF COMMERCE
National Institute of Standards and
Technology
Notice of Jointly Owned Invention
Available for Licensing
National Institute of Standards
and Technology, Commerce.
ACTION: Notice of jointly owned
invention available for licensing.
AGENCY:
SUMMARY: The invention listed below is
jointly owned by the U.S. Government,
as represented by the Department of
Commerce, and Biospace, Inc. The
Department of Commerce’s interest in
the invention is available for licensing
in accordance with 35 U.S.C. 207 and 37
CFR part 404 to achieve expeditious
commercialization of results of federally
funded research and development.
FOR FURTHER INFORMATION CONTACT:
Technical and licensing information on
this invention may be obtained by
writing to: National Institute of
Standards and Technology, Office of
Technology Partnerships, Attn: Teresa
Bradshaw, Building 820, Room 213,
Gaithersburg, MD 20899. Information is
also available via telephone: (301) 975–
2624 , fax (301) 869–2751, or e-mail:
teresa.bradshaw@nist.gov. Any request
for information should include the NIST
Docket number and title for the
invention as indicated below.
SUPPLEMENTARY INFORMATION: NIST may
enter into a Cooperative Research and
Development Agreement (‘‘CRADA’’)
with the licensee to perform further
research on the invention for purposes
of commercialization. The invention
available for licensing is:
NIST Docket Number: 01–015
Title: Applying X-ray Topography and
Diffractometry to Improve Protein
Crystal Growth.
Abstract: The present invention
provides a general method and system
for identifying conditions for growing
protein crystals having greater order and
fewer crystal defects that are suitable for
use in determining the structure of the
protein by x-ray diffractometry. Crystals
of a protein are grown under different
sets of predetermined conditions and xray topographic images of the protein
crystals are generated. The x-ray
topographic images reveal defects in the
crystals and permit identification of the
set(s) of conditions that produce crystals
having the fewest crystal defects. In a
preferred embodiment, the protein
crystals are grown in a dynamically
controlled crystallization system
(DCCS). An important condition of
crystal growth that can be optimized by
PO 00000
Frm 00015
Fmt 4703
Sfmt 4703
2123
the method is the effective gravity, geff,
experienced by the growing crystal; for
example, when the crystal is grown
under microgravity in space, or in a
powerful magnetic field that causes the
protein molecules in the growing crystal
to experience acceleration of an
effective gravitational field that is
greater or less than the actual
gravitational field at the earth’s surface.
With the present method, it is possible
to identify differences between crystals
grown on the earth with the DCCS and
those grown in space under identical
conditions. A comparison of x-ray
topographs taken from both earth grown
and space grown crystals indicates that
the space grown crystals are of higher
crystallographic perfection.
Dated: January 5, 2005.
Hratch G. Semerjian,
Acting Director.
[FR Doc. 05–544 Filed 1–11–05; 8:45 am]
BILLING CODE 3510–13–P
DEPARTMENT OF COMMERCE
National Oceanic and Atmospheric
Administration
[I.D. 092704B]
Taking of Marine Mammals Incidental
to Specified Activities; Construction of
the East Span of the San FranciscoOakland Bay Bridge
National Marine Fisheries
Service (NMFS), National Oceanic and
Atmospheric Administration (NOAA),
Commerce.
ACTION: Notice of issuance of an
incidental harassment authorization.
AGENCY:
SUMMARY: In accordance with provisions
of the Marine Mammal Protection Act
(MMPA) as amended, notification is
hereby given that an Incidental
Harassment Authorization (IHA) has
been issued to the California
Department of Transportation
(CALTRANS) to take small numbers of
California sea lions, Pacific harbor seals,
and gray whales, by harassment,
incidental to construction of a
replacement bridge for the East Span of
the San Francisco-Oakland Bay Bridge
(SF-OBB) in California.
DATES: This authorization is effective
from January 3, 2005, until January 3,
2006.
ADDRESSES: A copy of the application,
IHA, and/or a list of references used in
this document may be obtained by
writing to Steve Leathery, Chief,
Permits, Conservation and Education
Division, Office of Protected Resources,
National Marine Fisheries Service, 1315
E:\FR\FM\12JAN1.SGM
12JAN1
]]>Agencies
[Federal Register Volume 70, Number 8 (Wednesday, January 12, 2005)]
[Notices]
[Pages 2122-2123]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 05-545]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No. 041217352-4352-01]
Announcing Development of Federal Information Processing Standard
(FIPS) 140-3, a Revision of FIPS 140-2, Security Requirements for
Cryptographic Modules
AGENCY: National Institute of Standards and Technology (NIST),
Commerce.
ACTION: Notice; request for comments.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology announces
that it plans to develop Federal Information Processing Standard (FIPS)
140-3, which will supersede FIPS 140-2, Security Requirements for
Cryptographic Modules. FIPS 140-2, approved by the Secretary of
Commerce and announced in the Federal Register (June 27, 2001, Volume
66, Number 124, Pages 34154-34155), identifies requirements for four
levels of security for cryptographic modules that are utilized by
Federal agencies to protect the security of Federal information
systems. The Federal Information Security Management Act (FISMA)
(Public Law 107-347) requires that all Federal agencies and their
contractors use only those cryptographic-based security systems that
were validated to FIPS 140-2 or to its predecessor, FIPS 140-1.
DATES: Comments on new and revised requirements for FIPS 140-3 must be
received on or before Febrary 28, 2005.
ADDRESSES: Comments may be sent electronically to FIPS140-3@nist.gov,
or may be mailed to Information Technology Laboratory, ATTN:
Development of FIPS 140-3, 100 Bureau Drive, Stop 8930, Gaithersburg,
MD 20899-8930. All comments received will be available on the NIST Web
site at: https://csrc.nist.gov/cryptval/
FOR FURTHER INFORMATION CONTACT: Mr. Allen Roginsky (301) 975-3603,
National Institute of Standards and Technology, 100 Bureau Drive, STOP
8930, Gaithersburg, MD 20899-8930. E-mail: allen.roginsky@nist.gov.
A copy of FIPS 140-2 is available electronically from the NIST Web
site at: https://csrc.nist.gov/publications/fips/.
SUPPLEMENTARY INFORMATION: FIPS 140-2, Security Requirements for
Cryptographic Modules, superseded FIPS 140-1, which had been issued in
1994. FIPS 140-1 specified that the standard be reviewed within five
years to consider its continued usefulness and to determine whether new
or revised requirements should be added. NIST conducted a review of
FIPS 140-1 in 1998-99, and the standard was reaffirmed as FIPS 140-2 in
2001 with technical modifications to address technological advances
that had occurred since FIPS 140-1 had been issued.
FIPS 140-2 identifies requirements for four increasing, qualitative
levels of security for cryptographic modules. The four security levels
cover a wide range of potential applications and a wide spectrum of
information types, including data with the potential to cause low,
moderate and serious impacts on organizations should there be a loss of
confidentiality, integrity or availability of the data. In 1995, NIST
and the Communications Security Establishment (CSE) of the Government
of Canada established the Cryptographic Module Validation Program
(CMVP) to validate cryptographic modules to FIPS 140-1 and other
cryptography-based standards. Nearly 500 cryptographic modules and many
implementations of cryptographic algorithms have been tested by
National Voluntary Laboratory Accreditation Program (NVLAP) accredited,
independent third-party laboratories and have been validated. Products
validated by this program are used in Canada, the U.S., and many other
countries. Federal government agencies are required to acquire products
that have been validated under the CMVP when they use cryptographic-
based security systems to protect their information. The CMVP enables
vendors of cryptographic products to use a common standard and a common
testing
[[Page 2123]]
and validation process for their products.
NIST plans to develop FIPS 140-3 to meet the new and revised
requirements of Federal agencies for cryptographic systems, and to
address technological and economic changes that have occurred since the
issuance of FIPS 140-2. As the first step in the development of FIPS
140-3, NIST invites comments from the public, users, the information
technology industry, and Federal, State and local government
organizations concerning the need for and recommendations for a new
standard.
NIST is especially interested in comments on the following issues:
(1) Compatibility with industry standards.
(2) New technology areas.
(3) Introduction of additional levels of security.
(4) Additional requirements specific to physical security.
(5) Portability of applications (including operating systems) based
on platform and/or environment.
Following its review of the comments submitted in response to this
notice, NIST will hold open, public workshops in 2005 to discuss the
development of FIPS 140-3. These workshops will be announced in the
Federal Register with information about participation. NIST expects to
propose FIPS 140-3 for public review and comment before recommending
the standard to the Secretary of Commerce for approval in 2006.
NIST will develop a plan for a transition period for testing and
validating modules to FIPS 140-3, and for agencies to develop plans to
acquire products that are compliant with FIPS 140-3. The transition
plan will also address the use by Federal agencies of cryptographic
modules that have been validated for compliance to FIPS 140-1 and FIPS
140-2.
Authority: Federal Information Processing Standards (FIPS) are
issued by the National Institute of Standards and Technology after
approval by the Secretary of Commerce pursuant to Section 5131 of
the Information Technology Management Reform Act of 1996 and the
Federal Information Security Management Act of 2002 (Public Law 107-
347).
E.O. 12866: This notice has been determined not to be significant
for the purposes of E.O. 12866.
Dated: January 5, 2005.
Hratch G. Semerjian,
Acting Director.
[FR Doc. 05-545 Filed 1-11-05; 8:45 am]
BILLING CODE 3510-CN-P
