National Institute of Standards and Technology July 15, 2005 – Federal Register Recent Federal Regulation Documents

The National Institute of Standards and Technology (NIST) announces the release of draft Federal Information Processing Standards (FIPS) Publication 200, Minimum Security Requirements for Federal Information and Information Systems for public comment. Draft FIPS Publication 200 is one of a series of security standards and guidelines that NIST is developing to help federal agencies implement their responsibilities under the Federal Information Security Management Act (FISMA). The FISMA requires that all federal agencies develop, document and implement agency-wide information security programs to protect federal information and information systems. Draft FIPS Publication 200, which will be used with other publications already issued by NIST, specifies minimum security requirements for federal information and information systems and a risk-based process for selecting the security controls necessary to satisfy the minimum requirements. Prior to the submission of this proposed standard to the Secretary of Commerce for review and approval, it is essential that consideration be given to the needs and views of the general public, the information technology industry, and federal, state, and local government organizations. The purpose of this notice is to solicit such views.

The National Institute of Standards and Technology (NIST) proposes to withdraw ten (10) Federal Information Processing Standards (FIPS) from the FIPS series. The standards proposed for withdrawal include FIPS 161-2, FIPS 183, FIPS 184, FIPS 192 and 192-1, which adopt voluntary industry standards for Federal government use. These FIPS are obsolete because they have not been updated to reference current or revised voluntary industry standards. In addition, FIPS 4-2, FIPS 5-2, FIPS 6-4, and FIPS 10-4, adopt specifications or data standards that are developed and maintained by other Federal government agencies or by voluntary industry standards organizations. These FIPS have not been updated to reflect the changes and modifications that have been made by the organizations that develop and maintain the specifications and data representations. FIPS 113, Computer Data Authentication, specifies an algorithm for generating and verifying a Message Authentication Code (MAC). Since the algorithm is based on the Data Encryption Standard, which has been recommended for withdrawal, NIST plans to recommend the use of newer techniques for data authentication based on more secure algorithms. Prior to the submission of this proposed withdrawal of FIPS to the Secretary of Commerce for review and approval, NIST invites comments from the public, users, the information technology industry, and Federal, State and local governments government organizations concerning the withdrawal of the FIPS.