Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

FIPS 198-1

The Keyed-Hash Message Authentication Code (HMAC)

Date Published: July 2008

Supersedes: FIPS 198 (03/06/2002)

Planning Note (11/04/2022):

This publication was reviewed by the Crypto Publication Review Board. It will be converted to a new NIST Special Publication, NIST SP 800-224.

FIPS 198-1 will be withdrawn when NIST SP 800-224 is published.

See the announcement of this decision for more details, including ways to monitor the development of NIST SP 800-224.


National Institute of Standards and Technology



MAC; message authentication; Federal Information Processing Standards (FIPS); computer security; HMAC; cryptography
Control Families

Audit and Accountability; System and Communications Protection; System and Information Integrity


Download URL

Supplemental Material:
None available

Document History:
07/16/08: FIPS 198-1 (Final)


Security and Privacy

message authentication

Laws and Regulations

Federal Information Security Modernization Act