This notice announces Draft Federal Information Processing Standard 140-3, Security Requirements for Cryptographic Modules, for public review and comment. The draft standard, designated Draft FIPS 140-3, is proposed to supersede FIPS 140-2.
FIPS 140-1 was first published in 1994. In 2001, FIPS 140-2 superseded FIPS 140-1. FIPS 140-2 specified that it will be reviewed within five years. In 2005, NIST solicited public comments on reaffirming the standard. The comments received by NIST supported maintaining the standard. The comments also supported updating the standard due to advances in technology. The proposed revision is now available for public review and comment. Comments are due October 11, 2007 [see comments received and their resolutions].
Prior to the submission of this proposed standard to the Secretary of Commerce for review and approval, it is essential that consideration is given to the needs and views of the public, users, the information technology industry, and Federal, State and local government organizations. The purpose of this notice is to solicit such views.