Request for Comments on Federal Information Processing Standard (FIPS) 201-3, 69599-69600 [2020-24283]

Download as PDF Federal Register / Vol. 85, No. 213 / Tuesday, November 3, 2020 / Notices of this preliminary determination or 45 days after the final determination whether these imports materially injure, or threaten material injury to, the U.S. industry. Notification to Interested Parties This determination is issued and published in accordance with sections 733(f) and 777(i)(1) of the Act and 19 CFR 351.205(c). Dated: October 27, 2020. Jeffrey I. Kessler, Assistant Secretary for Enforcement and Compliance. khammond on DSKJM1Z7X2PROD with NOTICES Appendix I Scope of the Investigation The products covered by this investigation are all types of youth and adult mattresses. The term ‘‘mattress’’ denotes an assembly of materials that at a minimum includes a ‘‘core,’’ which provides the main support system of the mattress, and may consist of innersprings, foam, other resilient filling, or a combination of these materials. Mattresses may also contain: (1) ‘‘Upholstery,’’ the material between the core and the top panel of the ticking on a single-sided mattress; or between the core and the top and bottom panel of the ticking on a double-sided mattress; and/or (2) ‘‘ticking,’’ the outermost layer of fabric or other material (e.g., vinyl) that encloses the core and any upholstery, also known as a cover. The scope of this investigation is restricted to only ‘‘adult mattresses’’ and ‘‘youth mattresses.’’ ‘‘Adult mattresses’’ are frequently described as ‘‘twin,’’ ‘‘extra-long twin,’’ ‘‘full,’’ ‘‘queen,’’ ‘‘king,’’ or ‘‘California king’’ mattresses. ‘‘Youth mattresses’’ are typically described as ‘‘crib,’’ ‘‘toddler,’’ or ‘‘youth’’ mattresses. All adult and youth mattresses are included regardless of size and size description. The scope encompasses all types of ‘‘innerspring mattresses,’’ ‘‘non-innerspring mattresses,’’ and ‘‘hybrid mattresses.’’ ‘‘Innerspring mattresses’’ contain innersprings, a series of metal springs joined together in sizes that correspond to the dimensions of mattresses. Mattresses that contain innersprings are referred to as ‘‘innerspring mattresses’’ or ‘‘hybrid mattresses.’’ ‘‘Hybrid mattresses’’ contain two or more support systems as the core, such as layers of both memory foam and innerspring units. ‘‘Non-innerspring mattresses’’ are those that do not contain any innerspring units. They are generally produced from foams (e.g., polyurethane, memory (viscoelastic), latex foam, gel- infused viscoelastic (gel foam), thermobonded polyester, polyethylene) or other resilient filling. Mattresses covered by the scope of this investigation may be imported independently, as part of furniture or furniture mechanisms (e.g., convertible sofa bed mattresses, sofa bed mattresses imported with sofa bed mechanisms, corner group mattresses, day-bed mattresses, roll-away bed mattresses, high risers, trundle bed mattresses, crib mattresses), or as part of a set VerDate Sep<11>2014 16:55 Nov 02, 2020 Jkt 253001 in combination with a ‘‘mattress foundation.’’ ‘‘Mattress foundations’’ are any base or support for a mattress. Mattress foundations are commonly referred to as ‘‘foundations,’’ ‘‘boxsprings,’’ ‘‘platforms,’’ and/or ‘‘bases.’’ Bases can be static, foldable, or adjustable. Only the mattress is covered by the scope if imported as part of furniture, with furniture mechanisms, or as part of a set in combination with a mattress foundation. Excluded from the scope of this investigation are ‘‘futon’’ mattresses. A ‘‘futon’’ is a bi-fold frame made of wood, metal, or plastic material, or any combination thereof, that functions as both seating furniture (such as a couch, love seat, or sofa) and a bed. A ‘‘futon mattress’’ is a tufted mattress, where the top covering is secured to the bottom with thread that goes completely through the mattress from the top through to the bottom, and it does not contain innersprings or foam. A futon mattress is both the bed and seating surface for the futon. Also excluded from the scope are airbeds (including inflatable mattresses) and waterbeds, which consist of air- or liquidfilled bladders as the core or main support system of the mattress. Also excluded is certain multifunctional furniture that is convertible from seating to sleeping, regardless of filler material or components, where that filler material or components are upholstered, integrated into the design and construction of, and inseparable from, the furniture framing, and the outermost layer of the multifunctional furniture converts into the sleeping surface. Such furniture may, and without limitation, be commonly referred to as ‘‘convertible sofas,’’ ‘‘sofabeds,’’ ‘‘sofa chaise sleepers,’’ ‘‘futons,’’ ‘‘ottoman sleepers’’ or a like description. Also excluded from the scope of this investigation are any products covered by the existing antidumping duty orders on uncovered innerspring units from China or Vietnam. See Uncovered Innerspring Units from the People’s Republic of China: Notice of Antidumping Duty Order, 74 FR 7661 (February 19, 2009); Uncovered Innerspring Units from the Socialist Republic of Vietnam, 73 FR 75391 (December 11, 2008). Also excluded from the scope of this investigation are bassinet pads with a nominal length of less than 39 inches, a nominal width less than 25 inches, and a nominal depth of less than 2 inches. Additionally, also excluded from the scope of this investigation are ‘‘mattress toppers.’’ A ‘‘mattress topper’’ is a removable bedding accessory that supplements a mattress by providing an additional layer that is placed on top of a mattress. Excluded mattress toppers have a height of four inches or less. The products subject to this investigation are currently properly classifiable under HTSUS subheadings: 9404.21.0010, 9404.21.0013, 9404.29.1005, 9404.29.1013, 9404.29.9085, and 9404.29.9087. Products subject to this investigation may also enter under HTSUS subheadings: 9404.21.0095, 9404.29.1095, 9404.29.9095, 9401.40.0000, and 9401.90.5081. Although the HTSUS subheadings are provided for convenience and customs purposes, the written PO 00000 Frm 00036 Fmt 4703 Sfmt 4703 69599 description of the merchandise subject to this investigation is dispositive. Appendix II List of Topics Discussed in the Preliminary Decision Memorandum I. Summary II. Background III. Period of Investigation IV. Discussion of the Methodology V. Particular Market Situation VI. Recommendation [FR Doc. 2020–24297 Filed 11–2–20; 8:45 am] BILLING CODE 3510–DS–P DEPARTMENT OF COMMERCE National Institute of Standards and Technology [Docket No. [201023–0280] Request for Comments on Federal Information Processing Standard (FIPS) 201–3 National Institute of Standards and Technology (NIST), Commerce. ACTION: Notice; request for comments. AGENCY: The National Institute of Standards and Technology (NIST) requests comments on Draft Federal Information Processing Standard (FIPS) 201–3, Personal Identity Verification (PIV) of Federal Employees and Contractors (Standard). This Standard defines common credentials and authentication mechanisms offering varying degrees of security for both logical and physical access applications. The draft revision proposes changes to FIPS 201–2, Standard for Personal Identity Verification of Federal Employees and Contractors to include: Expanding specification on the use of additional PIV credentials known as derived PIV credentials, procedures for supervised remote identity proofing, the use of federation as a means for a relying system to interoperate with PIV credentials issued by other agencies, alignment with the current practice/ policy of the Federal Government and specific changes requested by Federal agencies and implementers. Before recommending these proposed changes to the Secretary of Commerce for review and approval, NIST invites comments from all interested parties. DATES: Comments on FIPS 201–3 must be received on or before February 1, 2021. ADDRESSES: The draft of FIPS 201–3 is available for review and comment on the NIST Computer Security Resource Center website at https://csrc.nist.gov and at https://www.regulations.gov/. Comments on FIPS 201–3 may be sent SUMMARY: E:\FR\FM\03NON1.SGM 03NON1 khammond on DSKJM1Z7X2PROD with NOTICES 69600 Federal Register / Vol. 85, No. 213 / Tuesday, November 3, 2020 / Notices electronically to piv_comments@ nist.gov with ‘‘Comment on FIPS 201– 3’’ in the subject line or may be submitted via https:// www.regulations.gov/. Comments may also be submitted on the project repository at https://github.com/ usnistgov/FIPS201. Written comments may be submitted by mail to Information Technology Laboratory, ATTN: FIPS 201–3 Comments, National Institute of Standards and Technology, 100 Bureau Drive, Mail Stop 8930, Gaithersburg, MD 20899–8930. All submissions, including attachments and other supporting materials, will become part of the public record and subject to public disclosure. NIST reserves the right to publish relevant comments, unedited and in their entirety. Relevant comments received by the deadline will be published electronically at https:// csrc.nist.gov/, https:// www.regulations.gov/ and the project repository at https://github.com/ usnistgov/FIPS201 without change or redaction, so commenters should not include information they do not wish to be posted. Personal information, such as account numbers or Social Security numbers, or names of other individuals, should not be included. Do not submit confidential business information or otherwise sensitive or protected information. Comments that contain profanity, vulgarity, threats, or other inappropriate language or content will not be posted or considered. FOR FURTHER INFORMATION CONTACT: Hildegard Ferraiolo, National Institute of Standards and Technology, 100 Bureau Drive, Mail Stop Number 8930, Gaithersburg, MD 20899–8930, email: hferraio@nist.gov, phone: (301) 975– 6972. SUPPLEMENTARY INFORMATION: FIPS 201 defines common credentials and authentication mechanisms offering varying degrees of security for both logical and physical access applications. Federal departments and agencies will determine the level of security and authentication mechanisms appropriate for their respective applications. The scope of this Standard is limited to authentication of an individual’s identity. Authorization and access control decisions are outside the scope of this Standard. Moreover, requirements for a temporary credential used until a new or replacement PIV credential arrives are out of scope of this Standard. In accordance with NIST policy, FIPS 201–2 (the version of the Standard currently in effect) was due for review in 2018. In consideration of changes in VerDate Sep<11>2014 16:55 Nov 02, 2020 Jkt 253001 the environment over the last several years and of specific requests for changes from Federal agencies, NIST determined that a revision of FIPS 201– 2 is warranted. NIST has received numerous change requests, some of which, after analysis and coordination with the Office of Management and Budget (OMB), the Office of Personnel Management (OPM), and other Federal agencies, are incorporated in the Draft FIPS 201–3. Other change requests incorporated in the Draft FIPS 201–3 result from the 2019 Business Requirements Meeting held at NIST. The meeting focused on business requirements of Federal agencies. The proposed changes in Draft FIPS 201–3 are: • Alignment with SP 800–63–3 language and terms. • Updated OMB policy guidelines references from rescinded OMB memorandum M–04–04 to new guidelines in OMB memorandum M– 19–17. • Updated process for binding and termination of derived PIV credentials with PIV account. • Updated credentialing requirements for issuance of PIV Cards based on OPM guidance. • Added requirements for supervised remote identity proofing and PIV Card maintenance. • Modified identity proofing requirements to reflect updated list of accepted documents. • Updated guidance on validation of identity proofing documents. • Updated guidance on collection of biometric data for credentialing. • Clarified multi-session proofing and enrollment. • Clarified biometric modalities for proofing and authentication. • Provided clarification on grace periods. • Deprecated PIV National Agency Check with Written Inquiries (NACI) indicator (background investigation indicator). • Updated system description and associated diagrams. • Generalized chain of trust records to enrollment records and made these records required. • Deprecated the use of magnetic stripes and bar codes on PIV Cards. • Linked expiration of content signing certificate with card authentication certificate. • Revised PIN requirements based on SP 800–63B guidelines. • Removed requirement for support of legacy PKIs. • Expressed authentication assurance levels in terms of Physical Assurance Level (PAL) and Authenticator Assurance Level (AAL). PO 00000 Frm 00037 Fmt 4703 Sfmt 4703 • Removed previously deprecated Cardholder Unique Identifier (CHUID) authentication mechanisms. The CHUID data element has not been deprecated and continues to be mandatory. • Deprecated symmetric card authentication key and associated authentication mechanism (SYM–CAK). • Added support for secure messaging authentication mechanism (SM–AUTH). • Deprecated visual authentication mechanism (VIS). • Added section discussing federation in relationship to PIV credentials. A public workshop will be held for FIPS 201–3. The specific date will be determined and posted on the NIST Personal Identity Verification (PIV) website: https://csrc.nist.gov/Projects/ PIV. Before recommending these proposed changes to the Secretary of Commerce for review and approval, NIST invites comments from all interested parties. Authority: 44 U.S.C. 3553(f)(1), 15 U.S.C. 278g–3. Kevin Kimball, Chief of Staff. [FR Doc. 2020–24283 Filed 11–2–20; 8:45 am] BILLING CODE 3510–13–P DEPARTMENT OF COMMERCE National Oceanic and Atmospheric Administration Ocean Exploration Advisory Board (OEAB) Meeting Office of Ocean Exploration and Research (OER), National Oceanic and Atmospheric Administration (NOAA), Department of Commerce (DOC). ACTION: Notice of public meeting. AGENCY: This notice sets forth the schedule and proposed agenda for a meeting of the Ocean Exploration Advisory Board (OEAB). OEAB members will discuss and provide advice on Federal ocean exploration programs, with a particular emphasis on the topics identified in the section on Matters to Be Considered. DATES: The announced meeting is scheduled for Thursday, December 10, 2020, from 1:00 p.m. to 5:00 p.m. EST. ADDRESSES: This will be a virtual meeting. Information about how to participate will be posted to the OEAB website at http://oeab.noaa.gov. FOR FURTHER INFORMATION CONTACT: Mr. David McKinnie, Designated Federal Officer, Ocean Exploration Advisory SUMMARY: E:\FR\FM\03NON1.SGM 03NON1

Agencies

[Federal Register Volume 85, Number 213 (Tuesday, November 3, 2020)]
[Notices]
[Pages 69599-69600]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-24283]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology

[Docket No. [201023-0280]


Request for Comments on Federal Information Processing Standard 
(FIPS) 201-3

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION: Notice; request for comments.

-----------------------------------------------------------------------

SUMMARY: The National Institute of Standards and Technology (NIST) 
requests comments on Draft Federal Information Processing Standard 
(FIPS) 201-3, Personal Identity Verification (PIV) of Federal Employees 
and Contractors (Standard). This Standard defines common credentials 
and authentication mechanisms offering varying degrees of security for 
both logical and physical access applications. The draft revision 
proposes changes to FIPS 201-2, Standard for Personal Identity 
Verification of Federal Employees and Contractors to include: Expanding 
specification on the use of additional PIV credentials known as derived 
PIV credentials, procedures for supervised remote identity proofing, 
the use of federation as a means for a relying system to interoperate 
with PIV credentials issued by other agencies, alignment with the 
current practice/policy of the Federal Government and specific changes 
requested by Federal agencies and implementers. Before recommending 
these proposed changes to the Secretary of Commerce for review and 
approval, NIST invites comments from all interested parties.

DATES: Comments on FIPS 201-3 must be received on or before February 1, 
2021.

ADDRESSES: The draft of FIPS 201-3 is available for review and comment 
on the NIST Computer Security Resource Center website at https://csrc.nist.gov and at https://www.regulations.gov/. Comments on FIPS 
201-3 may be sent

[[Page 69600]]

electronically to [email protected] with ``Comment on FIPS 201-3'' 
in the subject line or may be submitted via https://www.regulations.gov/. Comments may also be submitted on the project 
repository at https://github.com/usnistgov/FIPS201. Written comments 
may be submitted by mail to Information Technology Laboratory, ATTN: 
FIPS 201-3 Comments, National Institute of Standards and Technology, 
100 Bureau Drive, Mail Stop 8930, Gaithersburg, MD 20899-8930.
    All submissions, including attachments and other supporting 
materials, will become part of the public record and subject to public 
disclosure. NIST reserves the right to publish relevant comments, 
unedited and in their entirety. Relevant comments received by the 
deadline will be published electronically at https://csrc.nist.gov/, 
https://www.regulations.gov/ and the project repository at https://github.com/usnistgov/FIPS201 without change or redaction, so commenters 
should not include information they do not wish to be posted. Personal 
information, such as account numbers or Social Security numbers, or 
names of other individuals, should not be included. Do not submit 
confidential business information or otherwise sensitive or protected 
information. Comments that contain profanity, vulgarity, threats, or 
other inappropriate language or content will not be posted or 
considered.

FOR FURTHER INFORMATION CONTACT: Hildegard Ferraiolo, National 
Institute of Standards and Technology, 100 Bureau Drive, Mail Stop 
Number 8930, Gaithersburg, MD 20899-8930, email: [email protected], 
phone: (301) 975-6972.

SUPPLEMENTARY INFORMATION: FIPS 201 defines common credentials and 
authentication mechanisms offering varying degrees of security for both 
logical and physical access applications. Federal departments and 
agencies will determine the level of security and authentication 
mechanisms appropriate for their respective applications. The scope of 
this Standard is limited to authentication of an individual's identity. 
Authorization and access control decisions are outside the scope of 
this Standard. Moreover, requirements for a temporary credential used 
until a new or replacement PIV credential arrives are out of scope of 
this Standard.
    In accordance with NIST policy, FIPS 201-2 (the version of the 
Standard currently in effect) was due for review in 2018. In 
consideration of changes in the environment over the last several years 
and of specific requests for changes from Federal agencies, NIST 
determined that a revision of FIPS 201-2 is warranted. NIST has 
received numerous change requests, some of which, after analysis and 
coordination with the Office of Management and Budget (OMB), the Office 
of Personnel Management (OPM), and other Federal agencies, are 
incorporated in the Draft FIPS 201-3. Other change requests 
incorporated in the Draft FIPS 201-3 result from the 2019 Business 
Requirements Meeting held at NIST. The meeting focused on business 
requirements of Federal agencies. The proposed changes in Draft FIPS 
201-3 are:
     Alignment with SP 800-63-3 language and terms.
     Updated OMB policy guidelines references from rescinded 
OMB memorandum M-04-04 to new guidelines in OMB memorandum M-19-17.
     Updated process for binding and termination of derived PIV 
credentials with PIV account.
     Updated credentialing requirements for issuance of PIV 
Cards based on OPM guidance.
     Added requirements for supervised remote identity proofing 
and PIV Card maintenance.
     Modified identity proofing requirements to reflect updated 
list of accepted documents.
     Updated guidance on validation of identity proofing 
documents.
     Updated guidance on collection of biometric data for 
credentialing.
     Clarified multi-session proofing and enrollment.
     Clarified biometric modalities for proofing and 
authentication.
     Provided clarification on grace periods.
     Deprecated PIV National Agency Check with Written 
Inquiries (NACI) indicator (background investigation indicator).
     Updated system description and associated diagrams.
     Generalized chain of trust records to enrollment records 
and made these records required.
     Deprecated the use of magnetic stripes and bar codes on 
PIV Cards.
     Linked expiration of content signing certificate with card 
authentication certificate.
     Revised PIN requirements based on SP 800-63B guidelines.
     Removed requirement for support of legacy PKIs.
     Expressed authentication assurance levels in terms of 
Physical Assurance Level (PAL) and Authenticator Assurance Level (AAL).
     Removed previously deprecated Cardholder Unique Identifier 
(CHUID) authentication mechanisms. The CHUID data element has not been 
deprecated and continues to be mandatory.
     Deprecated symmetric card authentication key and 
associated authentication mechanism (SYM-CAK).
     Added support for secure messaging authentication 
mechanism (SM-AUTH).
     Deprecated visual authentication mechanism (VIS).
     Added section discussing federation in relationship to PIV 
credentials.
    A public workshop will be held for FIPS 201-3. The specific date 
will be determined and posted on the NIST Personal Identity 
Verification (PIV) website: https://csrc.nist.gov/Projects/PIV. Before 
recommending these proposed changes to the Secretary of Commerce for 
review and approval, NIST invites comments from all interested parties.

    Authority: 44 U.S.C. 3553(f)(1), 15 U.S.C. 278g-3.

Kevin Kimball,
Chief of Staff.
[FR Doc. 2020-24283 Filed 11-2-20; 8:45 am]
BILLING CODE 3510-13-P