FW: 140-x Status?
Paul Suhler
Paul.Suhler at hgst.com
Wed Aug 12 18:03:02 PDT 2015
Hi, SCSI security folks.
Here are some comments on FIPS 140-whatever from an acquaintance at a
security lab. No actions needed (I think) in SFSC beyond what we agreed to
today.
Your company may want to contact NIST in regard to the request that came out
today (quoted below).
Cheers,
Paul
________________________________
The previous CMVP Program Manager was very clear in telling us that 140-3
will never see the light of day. Now that the Program Manager is a different
individual, maybe that is changing. I highly doubt it, but I really don't
know.
All references should be to 140-2. At this point, I can't say for certain
that 140-4 is dead, but they are already starting to consider 140-5. I
really have no idea what the next revision of 140-2 will be.
Interestingly enough, the following message was distributed to labs today:
NIST requests comments on using ISO/IEC 19790:2012 as the U.S. Federal
Standard for cryptographic modules
NIST is seeking public
comments<https://federalregister.gov/a/2015-19743> on using
International Organization for Standardization/International Electrotechnical
Commission (ISO/IEC) standards for cryptographic algorithm and cryptographic
module testing, conformance, and validation activities, currently specified
by Federal Information Processing Standard (FIPS)
140-2<http://csrc.nist.gov/publications/PubsFIPS.html#140-2>.
The National Technology Transfer and Advancement Act (NTTAA), Public Law
104-113<http://www.gpo.gov/fdsys/pkg/PLAW-104publ113/html/PLAW-104publ113.htm>,
directs federal agencies to adopt voluntary consensus
standards wherever possible. The responses to this request for information
(RFI) will be used to plan possible changes to the FIPS or in a decision to
use all or part of ISO/IEC
19790:2012<http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=52906>,
Security Requirements for Cryptographic
Modules, for testing, conformance and validation of cryptographic algorithms
and modules.
The RFI<https://federalregister.gov/a/2015-19743> posted in
today's Federal Register provides additional background
information<http://www.federalregister.gov/a/2015-19743/p-8>,
including seven
questions<http://www.federalregister.gov/a/2015-19743/p-11>
that NIST is especially interested in having addressed, as well as NIST's
intentions<http://www.federalregister.gov/a/2015-19743/p-19>.
Send public comments to: UseOfISO at nist.gov (also
see the address for sending written
comments<http://www.federalregister.gov/a/2015-19743/p-5>)