Proposed Withdrawal of FIPS 198-1, Keyed-Hash Message Authentication Code (HMAC)
June 23, 2025

NIST proposes to withdraw FIPS 198-1, The Keyed-Hash Message Authentication Code (HMAC), from the FIPS series. 

Prior to the submission of this proposed withdrawal of FIPS 198-1 to the Secretary of Commerce for review and approval, NIST invites comments from the public, users, the information technology industry, and Federal, State, and local governments, and government organizations concerning the withdrawal of this FIPS.

FIPS 198-1 is proposed for withdrawal because the content is more suitable in a NIST Special Publication (SP) and outdated.  Specifically, a) it describes a cryptographic scheme, instead of a fundamental cryptographic primitive, and b) the HMAC specification needs to be updated to include block sizes to support the SHA-3 family of hash functions defined in FIPS 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. The content is being moved to a new NIST Special Publication, SP 800-224, Keyed-Hash Message Authentication Code (HMAC): Specification of HMAC and Recommendations for Message Authentication.