Government Use of Standards for Security and Conformance Requirements for Cryptographic Algorithm and Cryptographic Module Testing and Validation Programs, 48295-48296 [2015-19743]


[Federal Register Volume 80, Number 155 (Wednesday, August 12, 2015)]
[Notices]
[Pages 48295-48296]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-19743]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket No. 150706577-5577-01]
RIN 0693-XC051


Government Use of Standards for Security and Conformance 
Requirements for Cryptographic Algorithm and Cryptographic Module 
Testing and Validation Programs

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION: Notice; Request for information.

-----------------------------------------------------------------------

SUMMARY: NIST is seeking public comment on the potential use of certain 
International Organization for Standardization/International 
Electrotechnical Commission (ISO/IEC) standards for cryptographic 
algorithm and cryptographic module testing, conformance, and validation 
activities, currently specified by Federal Information Processing 
Standard (FIPS) 140-2. The National Technology Transfer and Advancement 
Act (NTTAA) directs federal agencies to adopt voluntary consensus 
standards wherever possible. The responses to this request for 
information will be used to plan possible changes to the FIPS or in a 
decision to use all or part of the ISO/IEC standards for testing, 
conformance and validation of cryptographic algorithms and modules.

DATES: Comments on the potential use of ISO/IEC 19790:2014 must be 
received no later than 5 p.m., EST on September 28, 2015.

ADDRESSES: Written comments concerning the potential use of ISO/IEC 
19790:2014 should be sent to: Information Technology Laboratory, ATTN 
Use of ISO/IEC 19790, Mail Stop 7730, National Institute of Standards 
and Technology, 100 Bureau Drive, Gaithersburg, MD 20899.
    Electronic comments should be sent to: UseOfISO@nist.gov.

FOR FURTHER INFORMATION CONTACT: Ms. Diane Honeycutt, telephone (301) 
975-8443, MS 8930, National Institute of Standards and Technology, 
Gaithersburg, MD 20899 or via email at DHoneycutt@nist.gov.

SUPPLEMENTARY INFORMATION: The National Technology Transfer and 
Advancement Act (NTTAA), Public Law 104-113, directs federal agencies 
with respect to their use of and participation in the development of 
voluntary consensus standards. The NTTAA's objective is for federal 
agencies to adopt voluntary consensus standards, wherever possible, in 
lieu of creating proprietary, non-consensus standards. As the 
implementation of commercial cryptography, which is used to protect 
U.S. non-national security information and information systems, is now 
commoditized and built, marketed and used globally, NIST is seeking 
comments on using the ISO/IEC 19790:2014 Security Requirements for 
Cryptographic Modules standard as the U.S. Federal Standard for 
cryptographic modules (https://www.iso.org/iso/catalogue_detail.htm?csnumber=59142).
    The standards for cryptographic module testing, conformance, and 
validation activities are currently specified by Federal Information 
Processing Standard (FIPS) 140-2. This standard is used to ensure 
encryption technologies used by the U.S. Government meet minimally 
acceptable requirements and can demonstrate an acceptable level of 
conformance to the Standard that is commensurate with the risk the U.S. 
Government finds acceptable when using encryption technologies to 
protect U.S. Government information and information systems.
    NIST is interested in the commercial and market effects to U.S. 
industry and the potential changes to visibility in cryptographic 
module conformance to standards, as well as the ISO/IEC 19790:2014 
standard's ability to meet requirements for the U.S. Government. NIST is 
also interested in comments on the possible uses of ISO/IEC 19790:2014 
that range from use of only selected sections, continuing with a FIPS 
requirement that cites a baseline version of the ISO/IEC 19790:2014, 
and/or full use of the ISO/IEC standard. NIST is also interested in 
feedback on the impacts of a potential U.S. Government requirement for 
use and conformance using a standard with a fee-based model where 
organizations must purchase copies of the ISO/IEC 19790:2014.
    NIST is particularly interested in comments from commercial 
implementers of cryptography, testing and conformance organizations, 
users of cryptography, and organizations who currently require or cite 
FIPS 140-2 as a normative reference, on the benefits versus risks in 
using ISO/IEC 19790:2014 rather than FIPS 140-2 from perspectives of 
technology, implementations, risks and impacts to commercial IT 
markets. NIST requests comments on the following questions regarding 
the use of ISO/IEC 19790:2014, but comments on other cryptographic test 
and conformance issues will also be considered.
    (1) Have your customers or users asked for either ISO/IEC 
19790:2014 or FIPS 140-2 validations in cryptographic products?
    (2) Have the markets you serve asked for either validation and have 
you noticed any changes in what the markets you serve are asking for?
    (3) Do you think the ISO/IEC 19790:2014 standard specifies tests 
and provides evidence of conformance for cryptographic algorithms and 
modules better, equally or less as compared to FIPS 140-2 and in what 
areas?
    (4) Is there a difference in risk that you perceive would be 
mitigated or accepted in use of one standard versus the other?
    (5) Are the requirements in ISO/IEC 19790:2014 specific enough for 
your organization to develop a cryptographic module that can 
demonstrate conformance to this standard?
    (6) Would the U.S. Government citation of an ISO standard that has 
a fee for access to the standard inhibit your use or implementation of 
this standard?
    (7) Do either FIPS 140-2 or ISO/IEC 19790:2014 have a gap area that 
is not required for implementation, test or validation that presents an 
unacceptable risk to users of cryptographic modules?
    The responses to this request for information will be used to plan 
possible changes to the FIPS or in a decision to use all or part of 
ISO/IEC 19790:2014 for testing, conformance and validation of 
cryptographic algorithms and modules. In any decision made, it is the 
intention of NIST to continue
specifying requirements for cryptography and cryptographic mechanisms 
used by the U.S. Government and a program for commercial products to 
demonstrate conformance to those requirements. It is also the intention 
of NIST to continue to specify the cryptographic modules, modes and key 
management schemes that are acceptable for use by the U.S. Government 
to protect its information and information systems regardless of any 
test, conformance or validation standards decision.

    Authority: Federal Information Processing Standards Publications 
(FIPS PUBS) are issued by the National Institute of Standards and 
Technology after approval by the Secretary of Commerce, pursuant to 
Section 5131 of the Information Technology Management Reform Act of 
1996 (Pub. L. 104-106), and the Federal Information Security 
Management Act of 2002 (Pub. L. 107-347).

Kevin Kimball,
Chief of Staff.
[FR Doc. 2015-19743 Filed 8-11-15; 8:45 am]
 BILLING CODE 3510-13-P