National Institute of Standards and Technology March 2006 – Federal Register Recent Federal Regulation Documents

This notice announces the Secretary of Commerce's approval of Federal Information Processing Standard (FIPS) Publication 201-1, Standard for Personal Identity Verification of Federal Employees and Contractors. The changes to Section 2.2, PIV Identify Proofing and Registration Requirements, Section 4.3, Cryptographic Specifications, Section 5.2, PIV Identity Proofing and Registration Requirements, and to Section 5.3.1, PIV Card Issuance, clarify the identity proofing and registration process that departments and agencies should follow when issuing identity credentials. These changes are needed to make FIPS 201-1 consistent with the Memorandum for All Departments and Agencies (M-05-24), issued by the Office of Management and Budget on August 5, 2005, Implementation of Homeland Security Presidential Directive (HSPD) 12Policy for a Common Identification Standard for Federal Employees and Contractors.

This notice announces Draft Federal Information Processing Standard 186-3, Digital Signature Standard, for public review and comment. The draft standard, designated ``Draft FIPS 186-3,'' is proposed to revise and supersede FIPS 186-2. FIPS 186, first published in 1994, specifies a digital signature algorithm (DSA) to generate and verify digital signatures. Later revisions (FIPS 186-1 and FIPS 186-2, adopted in 1998 and 1999, respectively) adopt two additional algorithms specified in American National Standards (ANS) X9.31 (Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA)), and X9.62 (The Elliptic Curve Digital Signature Algorithm (ECDSA)). The original DSA algorithm, as specified in FIPS 186, 186-1 and 186-2, allows key sizes of 512 to 1024 bits. With advances in technology, it is prudent to consider larger key sizes. Draft FIPS 186- 3 allows the use of 1024, 2048 and 3072-bit keys. Other requirements have also been added concerning the use of ANS X9.31 and ANS X9.62. In addition, the use of the RSA algorithm as specified in Public Key Cryptography Standard (PKCS) 1 (RSA Cryptography Standard) is allowed. Prior to the submission of this proposed standard to the Secretary of Commerce for review and approval, it is essential that consideration is given to the needs and views of the public, users, the information technology industry, and Federal, State and local government organizations. The purpose of this notice is to solicit such views.

The American Petroleum Institute (API), with the assistance of other interested parties, continues to develop standards, both national and international, in several areas. This notice lists the standardization efforts currently being conducted by API committees. The publication of this notice by the National Institute of Standards and Technology (NIST) on behalf of API is being undertaken as a public service. NIST does not necessarily endorse, approve, or recommend the standards referenced.

The Department of Commerce (DOC), as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal agencies to comment on the continuing and proposed information collection, as required by the Paperwork Reduction Act of 1995, Public Law 104-13 (44 U.S.C. 3506(c)(2)(A)).