National Cybersecurity Center of Excellence (NCCoE) Migration to Post-Quantum Cryptography, 56898-56900 [2021-22223]
Download as PDF
<![CDATA[
56898
Federal Register / Vol. 86, No. 195 / Wednesday, October 13, 2021 / Notices
wind towers or sections thereof, unless those
components are shipped with the tower
sections.
Merchandise covered by this investigation
is currently classified in the Harmonized
Tariff Schedule of the United States (HTSUS)
under subheading 7308.20.0020 or
8502.31.0000. Wind towers of iron or steel
are classified under HTSUS 7308.20.0020
when imported separately as a tower or tower
section(s). Wind towers may be classified
under HTSUS 8502.31.0000 when imported
as combination goods with a wind turbine
(i.e., accompanying nacelles and/or rotor
blades). While the HTSUS subheadings are
provided for convenience and customs
purposes, the written description of the
scope of the investigation is dispositive.
Appendix II
jspears on DSK121TN23PROD with NOTICES1
List of Topics Discussed in the Issues and
Decision Memorandum
I. Summary
II. Background
III. Use of Facts Otherwise Available and
Adverse Inferences
IV. Subsidies Valuation Information
V. Analysis of Programs
VI. Analysis of Comments
Comment 1: Whether Commerce Should
Apply Adverse Facts Available (AFA) to
Vestas Wind Technology India Private
Limited (Vestas)
Comment 2: Whether the Advance
Authorization Program (AAP) is Tied to
Non-Subject Merchandise
Comment 3: Whether Commerce Should
Revise its Benefit Methodology for the
Duty Drawback (DDB) Program
Comment 4: Whether Commerce
Unlawfully Cumulated Vestas’s Benefits
With the Benefits of its Tollers
Comment 5: Whether the Merchandise
Export Incentive Scheme (MEIS)
Program is Tied to Non-Subject
Merchandise
Comment 6: Whether the Provision of Land
for Less Than Adequate Remuneration
(LTAR) by the Gujarat Industrial
Development Corporation (GIDC) is
Specific and Confers Countervailable
Benefits
Comment 7: Whether the Provision of
Water for LTAR Conferred a Benefit
Comment 8: Whether Commerce Correctly
Attributed Benefits for the Export
Promotion of Capital Goods (EPCG)
Program
Comment 9: Whether the AAP and DDB
Programs are Countervailable Under the
Agreement on Subsidies and
Countervailing Measures (SCM
Agreement)
Comment 10: Whether Commerce Correctly
Applied AFA to the Government of India
(GOI)
Comment 11: Whether Commerce Correctly
Initiated New Subsidy Allegations
(NSAs)
VII. Recommendation
[FR Doc. 2021–22246 Filed 10–12–21; 8:45 am]
BILLING CODE 3510–DS–P
VerDate Sep<11>2014
18:01 Oct 12, 2021
Jkt 256001
DEPARTMENT OF COMMERCE
National Institute of Standards and
Technology
[Docket No.: 210915–0186]
National Cybersecurity Center of
Excellence (NCCoE) Migration to PostQuantum Cryptography
National Institute of Standards
and Technology, Department of
Commerce.
ACTION: Notice.
AGENCY:
The National Institute of
Standards and Technology (NIST)
invites organizations to provide letters
of interest describing products and
technical expertise to support and
demonstrate security platforms for the
Migration to Post-Quantum
Cryptography project. This notice is the
initial step for the National
Cybersecurity Center of Excellence
(NCCoE) in collaborating with
technology companies to address
cybersecurity challenges identified
under the Migration to Post-Quantum
Cryptography project. Participation in
the project is open to all interested
organizations.
DATES: Collaborative activities will
commence as soon as enough completed
and signed letters of interest have been
returned to address all the necessary
components and capabilities, but no
earlier than November 12, 2021.
ADDRESSES: The NCCoE is located at
9700 Great Seneca Highway, Rockville,
MD 20850. Letters of interest must be
submitted to applied-crypto-pqc@
nist.gov or via hardcopy to National
Institute of Standards and Technology,
NCCoE; 9700 Great Seneca Highway,
Rockville, MD 20850. Interested parties
can access the letter of interest template
by visiting the website and completing
the letter of interest webform. NIST will
announce the completion of the
selection of participants and inform the
public that it is no longer accepting
letters of interest for this project at
https://www.nccoe.nist.gov/projects/
building-blocks/post-quantumcryptography. Organizations whose
letters of interest are accepted will be
asked to sign a consortium Cooperative
Research and Development Agreement
(CRADA) with NIST; a template CRADA
can be found at: https://nccoe.nist.gov/
library/nccoe-consortium-cradaexample.
FOR FURTHER INFORMATION CONTACT:
William Newhouse via telephone 301–
975–0232; by email applied-cryptopqc@nist.gov; or by mail to National
Institute of Standards and Technology,
SUMMARY:
PO 00000
Frm 00014
Fmt 4703
Sfmt 4703
NCCoE; 9700 Great Seneca Highway,
Rockville, MD 20850. Additional details
about the Migration to Post-Quantum
Cryptography project are available at
https://www.nccoe.nist.gov/projects/
building-blocks/post-quantumcryptography.
SUPPLEMENTARY INFORMATION:
Background: The NCCoE, part of
NIST, is a public-private collaboration
for accelerating the widespread
adoption of integrated cybersecurity
tools and technologies. The NCCoE
brings together experts from industry,
government, and academia under one
roof to develop practical, interoperable
cybersecurity approaches that address
the real-world needs of complex
Information Technology (IT) systems.
By accelerating dissemination and use
of these integrated tools and
technologies for protecting IT assets, the
NCCoE will enhance trust in U.S. IT
communications, data, and storage
systems; reduce risk for companies and
individuals using IT systems; and
encourage development of innovative,
job-creating cybersecurity products and
services.
Process: NIST is soliciting responses
from all sources of relevant security
capabilities (see below) to enter into a
Cooperative Research and Development
Agreement (CRADA) to provide
products and technical expertise to
support and demonstrate security
platforms for the Migration to PostQuantum Cryptography project. The full
project can be viewed at: https://
www.nccoe.nist.gov/projects/buildingblocks/post-quantum-cryptography.
Interested parties can access the
template for a letter of interest by
visiting the project website at https://
www.nccoe.nist.gov/projects/buildingblocks/post-quantum-cryptography and
completing the letter of interest
webform. On completion of the
webform, interested parties will receive
access to the letter of interest template,
which the party must complete, certify
as accurate, and submit to NIST by
email or hardcopy. NIST will contact
interested parties if there are questions
regarding the responsiveness of the
letters of interest to the project objective
or requirements identified below. NIST
will select participants who have
submitted complete letters of interest on
a first come, first served basis within
each category of product components or
capabilities listed below, up to the
number of participants in each category
necessary to carry out this project.
When the project has been completed,
NIST will post a notice on the Migration
to Post-Quantum Cryptography project
website at https://www.nccoe.nist.gov/
E:\FR\FM\13OCN1.SGM
13OCN1
jspears on DSK121TN23PROD with NOTICES1
Federal Register / Vol. 86, No. 195 / Wednesday, October 13, 2021 / Notices
projects/building-blocks/post-quantumcryptography announcing the
completion of the project and informing
the public that it is no longer accepting
letters of interest for this project.
Completed letters of interest should
be submitted to NIST and will be
accepted on a first come, first served
basis. There may be continuing
opportunity to participate even after
initial activity commences for
participants who were not selected
initially or have submitted the letter of
interest after the selection process.
Selected participants will be required to
enter into a consortium CRADA with
NIST (for reference, see ADDRESSES
section above).
Project Objective: The advent of
quantum computing technology will
compromise many of the current
cryptographic algorithms, especially
public-key cryptography, which are
widely used to protect digital
information. Work on the development
of quantum-resistant public-key
cryptographic standards is underway,
and algorithm selection is expected to
be completed in the next one to two
years (https://csrc.nist.gov/projects/
post-quantum-cryptography).
Replacement of cryptographic
algorithms is both technically and
logistically challenging. It can take years
or even decades to complete. In order to
address these challenges, the NCCoE is
undertaking a practical demonstration
of technology and tools that can provide
a head start on executing a migration
roadmap in collaboration with a public
and private sector community of
interest.
To meet the need to accelerate
migration to quantum-resistant
cryptography, the NCCoE Migration to
Post-Quantum Cryptography project
will demonstrate tools for discovery of
quantum-vulnerable cryptographic code
or dependencies on such code. The
tools to be demonstrated provide
automation assistance in identifying
where and how public-key cryptography
is being used in data centers onpremises or in the cloud and distributed
compute, storage, and network
infrastructures. The project can also
contribute to updates to standards,
guidelines, regulations, hardware,
firmware, operating systems,
communication protocols,
cryptographic libraries, and applications
that employ cryptography. The audience
for the project includes developers of
products that use public-key
cryptographic algorithms, integrators of
such products, customer organizations
that acquire or configure such products,
and bodies that standardize protocols
VerDate Sep<11>2014
18:01 Oct 12, 2021
Jkt 256001
that employ or are dependent on publickey cryptographic algorithms.
The proposed proof-of-concept
solution(s) will integrate commercial
and open source products that leverage
cybersecurity standards and
recommended practices to demonstrate
the use case scenarios detailed in the
Migration to Post-Quantum
Cryptography project description at
https://www.nccoe.nist.gov/projects/
building-blocks/post-quantumcryptography. This project will result in
a publicly available NIST Cybersecurity
Practice Guide as a Special Publication
1800 series, a detailed implementation
guide describing the practical steps
needed to implement a cybersecurity
reference implementation. Supporting
outputs may include playbook, tools,
code, and white papers.
Requirements for Letters of Interest:
Each responding organization’s letter of
interest should identify which security
platform component(s) or capability(ies)
it is offering. Letters of interest should
not include company proprietary
information, and all components and
capabilities must be commercially
available. Components are listed in
section 3 of the Migration to PostQuantum Cryptography project
description at https://
www.nccoe.nist.gov/projects/buildingblocks/post-quantum-cryptography and
include, but are not limited to:
• General IT components:
Æ Compute, storage, and network
resources necessary to running
cryptographic code detection tools
Æ cloud services
• Functional security components:
Æ The data security component
Æ the endpoint security component
Æ the identity and access
management component
Æ the security analytics component
• Devices and network infrastructure
components:
Æ Assets including the devices/
endpoints
Æ core enterprise resources such as
applications/services
Æ network infrastructure components
• Approaches and tools for discovering
public-key cryptography
components in:
Æ Operating systems
Æ application code
Æ hardware implementing,
controlling, or accelerating crypto
functionality
• Approaches and tools for discovering
algorithm migration impacts on:
Æ Communications and network
protocols
Æ key management protocols,
processes, and procedures
PO 00000
Frm 00015
Fmt 4703
Sfmt 4703
56899
Æ network management protocols,
processes, and procedures
Æ business processes and procedures
Each responding organization’s letter
of interest should identify how their
products help address one or more of
the following demonstration scenarios
in section 2 of the Migration to PostQuantum Cryptography project
description at https://
www.nccoe.nist.gov/projects/buildingblocks/post-quantum-cryptography:
• FIPS–140 validated hardware and
software modules that employ
quantum-vulnerable public-key
cryptography
• Cryptographic libraries that include
quantum-vulnerable public-key
cryptography
• Cryptographic applications and
cryptographic support applications
that include or are focused on
quantum-vulnerable public-key
cryptography
• Embedded quantum-vulnerable
cryptographic code in computing
platforms
• Communication protocols widely
deployed in different industry sectors
that leverage quantum-vulnerable
cryptographic algorithms
Considerations for desired
characteristics include:
• All candidate quantum-resistant
replacements for quantum-vulnerable
public-key algorithms should have a
security strength at least equivalent to
that possessed by the quantumvulnerable algorithm being replaced,
where the security strength of the
algorithm being replaced is measured in
the absence of quantum computing.
• Any suggestion for replacement of a
quantum-vulnerable public-key
algorithm by a compensating control(s)
should be accompanied by an
explanation of how the compensating
control provides relevant confidentiality
and integrity protection commensurate
with that currently being provided in
the absence of quantum computing.
• Any projected performance
degradation resulting from a suggested
replacement of a quantum-vulnerable
public-key algorithm by a NIST
candidate quantum-resistant algorithm
should be characterized in the project
findings.
In their letters of interest, responding
organizations need to acknowledge the
importance of and commit to provide:
1. Access for all participants’ project
teams to component interfaces and the
organization’s experts necessary to make
functional connections among security
platform components.
2. Support for development and
demonstration of the Migration to Post-
E:\FR\FM\13OCN1.SGM
13OCN1
56900
Federal Register / Vol. 86, No. 195 / Wednesday, October 13, 2021 / Notices
jspears on DSK121TN23PROD with NOTICES1
Quantum Cryptography project, which
will be conducted in a manner
consistent with the most recent version
of the following standards and
guidance: FIPS 200, SP 800–37, SP 800–
52, SP 800–53, SP 800–63, and SP
1800–16. Additional details about the
Migration to Post-Quantum
Cryptography project are available at
https://www.nccoe.nist.gov/projects/
building-blocks/post-quantumcryptography.
NIST cannot guarantee that all of the
products proposed by respondents will
be used in the demonstration. Each
prospective participant will be expected
to work collaboratively with NIST staff
and other project participants under the
terms of the consortium CRADA in the
development of the Migration to PostQuantum Cryptography project.
Prospective participants’ contribution to
the collaborative effort will include
assistance in establishing the necessary
interface functionality, connection and
set-up capabilities and procedures,
demonstration harnesses, environmental
and safety conditions for use, integrated
platform user instructions, and
demonstration plans and scripts
necessary to demonstrate the desired
capabilities. Each participant will train
NIST personnel, as necessary, to operate
its product in capability
demonstrations. Following successful
demonstrations, NIST will publish a
description of the security platform and
its performance characteristics sufficient
to permit other organizations to develop
and deploy security platforms that meet
the security objectives of the Migration
to Post-Quantum Cryptography project.
These descriptions will be public
information.
Under the terms of the consortium
CRADA, NIST will support
development of interfaces among
VerDate Sep<11>2014
18:01 Oct 12, 2021
Jkt 256001
participants’ products by providing IT
infrastructure, laboratory facilities,
office facilities, collaboration facilities,
and staff support to component
composition, security platform
documentation, and demonstration
activities.
The dates of the demonstration of the
Migration to Post-Quantum
Cryptography project capability will be
announced on the NCCoE website at
least two weeks in advance at https://
nccoe.nist.gov/. The expected outcome
will demonstrate how the components
of the solutions that address Migration
to Post-Quantum Cryptography can
enhance security capabilities that
provide assurance of mitigation of
identified risks while continuing to
meet industry sectors’ compliance
requirements. Participating
organizations will gain from the
knowledge that their products are
interoperable with other participants’
offerings.
For additional information on the
NCCoE governance, business processes,
and NCCoE operational structure, visit
the NCCoE website https://
nccoe.nist.gov/.
Alicia Chambers,
NIST Executive Secretariat.
[FR Doc. 2021–22223 Filed 10–12–21; 8:45 am]
BILLING CODE 3510–13–P
DEPARTMENT OF COMMERCE
National Oceanic and Atmospheric
Administration
Atmospheric Administration (NOAA),
Commerce.
Notice; issuance of permits and
permit amendments.
ACTION:
Notice is hereby given that
permits and permit amendments have
been issued to the following entities
under the Marine Mammal Protection
Act (MMPA) and the Endangered
Species Act (ESA), as applicable.
SUMMARY:
The permits and related
documents are available for review
upon written request via email to
NMFS.Pr1Comments@noaa.gov.
ADDRESSES:
FOR FURTHER INFORMATION CONTACT:
Shasta McClenahan, Ph.D. (Permit Nos.
19592–01 and 25739), Jennifer
Skidmore (Permit No. 24054), Amy
Hapeman (Permit Nos. 24140, 24368,
25691, 25694, and 25696), and Carrie
Hubard (Permit No. 19225); at (301)
427–8401.
Notices
were published in the Federal Register
on the dates listed below that requests
for a permit or permit amendment had
been submitted by the below-named
applicants. To locate the Federal
Register notice that announced our
receipt of the application and a
complete description of the activities, go
to www.federalregister.gov and search
on the permit number provided in Table
1 below.
SUPPLEMENTARY INFORMATION:
BILLING CODE 3510–22–P
[RTID 0648–XB503]
Marine Mammals and Endangered
Species
National Marine Fisheries
Service (NMFS), National Oceanic and
AGENCY:
PO 00000
Frm 00016
Fmt 4703
Sfmt 4703
E:\FR\FM\13OCN1.SGM
13OCN1
]]>Agencies
[Federal Register Volume 86, Number 195 (Wednesday, October 13, 2021)]
[Notices]
[Pages 56898-56900]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-22223]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No.: 210915-0186]
National Cybersecurity Center of Excellence (NCCoE) Migration to
Post-Quantum Cryptography
AGENCY: National Institute of Standards and Technology, Department of
Commerce.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
invites organizations to provide letters of interest describing
products and technical expertise to support and demonstrate security
platforms for the Migration to Post-Quantum Cryptography project. This
notice is the initial step for the National Cybersecurity Center of
Excellence (NCCoE) in collaborating with technology companies to
address cybersecurity challenges identified under the Migration to
Post-Quantum Cryptography project. Participation in the project is open
to all interested organizations.
DATES: Collaborative activities will commence as soon as enough
completed and signed letters of interest have been returned to address
all the necessary components and capabilities, but no earlier than
November 12, 2021.
ADDRESSES: The NCCoE is located at 9700 Great Seneca Highway,
Rockville, MD 20850. Letters of interest must be submitted to [email protected] or via hardcopy to National Institute of Standards
and Technology, NCCoE; 9700 Great Seneca Highway, Rockville, MD 20850.
Interested parties can access the letter of interest template by
visiting the website and completing the letter of interest webform.
NIST will announce the completion of the selection of participants and
inform the public that it is no longer accepting letters of interest
for this project at https://www.nccoe.nist.gov/projects/building-blocks/post-quantum-cryptography. Organizations whose letters of
interest are accepted will be asked to sign a consortium Cooperative
Research and Development Agreement (CRADA) with NIST; a template CRADA
can be found at: https://nccoe.nist.gov/library/nccoe-consortium-crada-example.
FOR FURTHER INFORMATION CONTACT: William Newhouse via telephone 301-
975-0232; by email [email protected]; or by mail to National
Institute of Standards and Technology, NCCoE; 9700 Great Seneca
Highway, Rockville, MD 20850. Additional details about the Migration to
Post-Quantum Cryptography project are available at https://www.nccoe.nist.gov/projects/building-blocks/post-quantum-cryptography.
SUPPLEMENTARY INFORMATION:
Background: The NCCoE, part of NIST, is a public-private
collaboration for accelerating the widespread adoption of integrated
cybersecurity tools and technologies. The NCCoE brings together experts
from industry, government, and academia under one roof to develop
practical, interoperable cybersecurity approaches that address the
real-world needs of complex Information Technology (IT) systems. By
accelerating dissemination and use of these integrated tools and
technologies for protecting IT assets, the NCCoE will enhance trust in
U.S. IT communications, data, and storage systems; reduce risk for
companies and individuals using IT systems; and encourage development
of innovative, job-creating cybersecurity products and services.
Process: NIST is soliciting responses from all sources of relevant
security capabilities (see below) to enter into a Cooperative Research
and Development Agreement (CRADA) to provide products and technical
expertise to support and demonstrate security platforms for the
Migration to Post-Quantum Cryptography project. The full project can be
viewed at: https://www.nccoe.nist.gov/projects/building-blocks/post-quantum-cryptography.
Interested parties can access the template for a letter of interest
by visiting the project website at https://www.nccoe.nist.gov/projects/building-blocks/post-quantum-cryptography and completing the letter of
interest webform. On completion of the webform, interested parties will
receive access to the letter of interest template, which the party must
complete, certify as accurate, and submit to NIST by email or hardcopy.
NIST will contact interested parties if there are questions regarding
the responsiveness of the letters of interest to the project objective
or requirements identified below. NIST will select participants who
have submitted complete letters of interest on a first come, first
served basis within each category of product components or capabilities
listed below, up to the number of participants in each category
necessary to carry out this project. When the project has been
completed, NIST will post a notice on the Migration to Post-Quantum
Cryptography project website at https://www.nccoe.nist.gov/
[[Page 56899]]
projects/building-blocks/post-quantum-cryptography announcing the
completion of the project and informing the public that it is no longer
accepting letters of interest for this project.
Completed letters of interest should be submitted to NIST and will
be accepted on a first come, first served basis. There may be
continuing opportunity to participate even after initial activity
commences for participants who were not selected initially or have
submitted the letter of interest after the selection process. Selected
participants will be required to enter into a consortium CRADA with
NIST (for reference, see ADDRESSES section above).
Project Objective: The advent of quantum computing technology will
compromise many of the current cryptographic algorithms, especially
public-key cryptography, which are widely used to protect digital
information. Work on the development of quantum-resistant public-key
cryptographic standards is underway, and algorithm selection is
expected to be completed in the next one to two years (https://csrc.nist.gov/projects/post-quantum-cryptography). Replacement of
cryptographic algorithms is both technically and logistically
challenging. It can take years or even decades to complete. In order to
address these challenges, the NCCoE is undertaking a practical
demonstration of technology and tools that can provide a head start on
executing a migration roadmap in collaboration with a public and
private sector community of interest.
To meet the need to accelerate migration to quantum-resistant
cryptography, the NCCoE Migration to Post-Quantum Cryptography project
will demonstrate tools for discovery of quantum-vulnerable
cryptographic code or dependencies on such code. The tools to be
demonstrated provide automation assistance in identifying where and how
public-key cryptography is being used in data centers on-premises or in
the cloud and distributed compute, storage, and network
infrastructures. The project can also contribute to updates to
standards, guidelines, regulations, hardware, firmware, operating
systems, communication protocols, cryptographic libraries, and
applications that employ cryptography. The audience for the project
includes developers of products that use public-key cryptographic
algorithms, integrators of such products, customer organizations that
acquire or configure such products, and bodies that standardize
protocols that employ or are dependent on public-key cryptographic
algorithms.
The proposed proof-of-concept solution(s) will integrate commercial
and open source products that leverage cybersecurity standards and
recommended practices to demonstrate the use case scenarios detailed in
the Migration to Post-Quantum Cryptography project description at
https://www.nccoe.nist.gov/projects/building-blocks/post-quantum-cryptography. This project will result in a publicly available NIST
Cybersecurity Practice Guide as a Special Publication 1800 series, a
detailed implementation guide describing the practical steps needed to
implement a cybersecurity reference implementation. Supporting outputs
may include playbook, tools, code, and white papers.
Requirements for Letters of Interest: Each responding
organization's letter of interest should identify which security
platform component(s) or capability(ies) it is offering. Letters of
interest should not include company proprietary information, and all
components and capabilities must be commercially available. Components
are listed in section 3 of the Migration to Post-Quantum Cryptography
project description at https://www.nccoe.nist.gov/projects/building-blocks/post-quantum-cryptography and include, but are not limited to:
General IT components:
[cir] Compute, storage, and network resources necessary to running
cryptographic code detection tools
[cir] cloud services
Functional security components:
[cir] The data security component
[cir] the endpoint security component
[cir] the identity and access management component
[cir] the security analytics component
Devices and network infrastructure components:
[cir] Assets including the devices/endpoints
[cir] core enterprise resources such as applications/services
[cir] network infrastructure components
Approaches and tools for discovering public-key cryptography
components in:
[cir] Operating systems
[cir] application code
[cir] hardware implementing, controlling, or accelerating crypto
functionality
Approaches and tools for discovering algorithm migration
impacts on:
[cir] Communications and network protocols
[cir] key management protocols, processes, and procedures
[cir] network management protocols, processes, and procedures
[cir] business processes and procedures
Each responding organization's letter of interest should identify
how their products help address one or more of the following
demonstration scenarios in section 2 of the Migration to Post-Quantum
Cryptography project description at https://www.nccoe.nist.gov/projects/building-blocks/post-quantum-cryptography:
FIPS-140 validated hardware and software modules that employ
quantum-vulnerable public-key cryptography
Cryptographic libraries that include quantum-vulnerable
public-key cryptography
Cryptographic applications and cryptographic support
applications that include or are focused on quantum-vulnerable public-
key cryptography
Embedded quantum-vulnerable cryptographic code in computing
platforms
Communication protocols widely deployed in different industry
sectors that leverage quantum-vulnerable cryptographic algorithms
Considerations for desired characteristics include:
All candidate quantum-resistant replacements for quantum-
vulnerable public-key algorithms should have a security strength at
least equivalent to that possessed by the quantum-vulnerable algorithm
being replaced, where the security strength of the algorithm being
replaced is measured in the absence of quantum computing.
Any suggestion for replacement of a quantum-vulnerable
public-key algorithm by a compensating control(s) should be accompanied
by an explanation of how the compensating control provides relevant
confidentiality and integrity protection commensurate with that
currently being provided in the absence of quantum computing.
Any projected performance degradation resulting from a
suggested replacement of a quantum-vulnerable public-key algorithm by a
NIST candidate quantum-resistant algorithm should be characterized in
the project findings.
In their letters of interest, responding organizations need to
acknowledge the importance of and commit to provide:
1. Access for all participants' project teams to component
interfaces and the organization's experts necessary to make functional
connections among security platform components.
2. Support for development and demonstration of the Migration to
Post-
[[Page 56900]]
Quantum Cryptography project, which will be conducted in a manner
consistent with the most recent version of the following standards and
guidance: FIPS 200, SP 800-37, SP 800-52, SP 800-53, SP 800-63, and SP
1800-16. Additional details about the Migration to Post-Quantum
Cryptography project are available at https://www.nccoe.nist.gov/projects/building-blocks/post-quantum-cryptography.
NIST cannot guarantee that all of the products proposed by
respondents will be used in the demonstration. Each prospective
participant will be expected to work collaboratively with NIST staff
and other project participants under the terms of the consortium CRADA
in the development of the Migration to Post-Quantum Cryptography
project. Prospective participants' contribution to the collaborative
effort will include assistance in establishing the necessary interface
functionality, connection and set-up capabilities and procedures,
demonstration harnesses, environmental and safety conditions for use,
integrated platform user instructions, and demonstration plans and
scripts necessary to demonstrate the desired capabilities. Each
participant will train NIST personnel, as necessary, to operate its
product in capability demonstrations. Following successful
demonstrations, NIST will publish a description of the security
platform and its performance characteristics sufficient to permit other
organizations to develop and deploy security platforms that meet the
security objectives of the Migration to Post-Quantum Cryptography
project. These descriptions will be public information.
Under the terms of the consortium CRADA, NIST will support
development of interfaces among participants' products by providing IT
infrastructure, laboratory facilities, office facilities, collaboration
facilities, and staff support to component composition, security
platform documentation, and demonstration activities.
The dates of the demonstration of the Migration to Post-Quantum
Cryptography project capability will be announced on the NCCoE website
at least two weeks in advance at https://nccoe.nist.gov/. The expected
outcome will demonstrate how the components of the solutions that
address Migration to Post-Quantum Cryptography can enhance security
capabilities that provide assurance of mitigation of identified risks
while continuing to meet industry sectors' compliance requirements.
Participating organizations will gain from the knowledge that their
products are interoperable with other participants' offerings.
For additional information on the NCCoE governance, business
processes, and NCCoE operational structure, visit the NCCoE website
https://nccoe.nist.gov/.
Alicia Chambers,
NIST Executive Secretariat.
[FR Doc. 2021-22223 Filed 10-12-21; 8:45 am]
BILLING CODE 3510-13-P
