UNITED STATES AND CANADA ADOPT FIPS CRYPTOGRAPHIC VALIDATION TESTS

The National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) of the Government of Canada have jointly developed a conformance test method and related procedures to validate products for conformance to Federal Information Processing Standard (FIPS) 140-1, Security Requirements for Cryptographic Modules. Products validated as conforming to FIPS 140-1 will be accepted for use by both federal agencies and the Canadian government for the protection of sensitive, unclassified information.

Details about the NIST Cryptographic Module Validation Program (CMVP) will be announced shortly. Plans call for the use of the National Voluntary Laboratory Accreditation Program, which is administered by NIST, to accredit independent third-party testing laboratories to test products for conformance to FIPS 140-1. Laboratories will send the test results to NIST, which will issue appropriate validation certificates based on review of test results. Testing laboratories and product vendors may reside in either country. U.S. and Canadian industry participation as Accredited Testing laboratories is being encouraged by both NIST and CSE.

Vendors of cryptographic products will be able to build to a common standard and utilize one common validation process. Their products will have a larger potential market. Users will know that products conforming to the standard are generally accepted by both governments.

The conformance tests are specified in Derived Tests Requirements for FIPS 140-1, Security Requirements for Cryptographic Modules, which is currently in draft form (see below for electronic access instructions). NIST has also developed a software program which will be used by laboratories in the testing process.
The program will assist testers by presenting the conformance tests and requirements, and by providing a structured reporting mechanism to record test results, notes, and references. After the completion of the tests, the program will print a test report for submission to NIST for validation review.

FIPS 140-1 specifies the overall requirements for cryptographic modules protecting sensitive, unclassified information and provides a framework for other cryptographic standards. FIPS 140-1 was developed in cooperation with CSE, cryptographic product developers and integrators, and interested user communities.

FIPS 140-1 and the derived conformance tests may be obtained electronically from http://csrc.nist.gov. For more information on the CMVP, contact Lisa Carnahan at (301) 975-3362 or lcarnahan@nist.gov.

FEDERAL INFORMATION PROCESSING STANDARDS (FIPS) ACTIVITIES

Computer Security Guidance Published

The Secretary of Commerce recently approved two FIPS guidance documents on computer security practices. FIPS 190, Guideline for the Use of Advanced Authentication Technology Alternatives, describes the primary alternative methods for verifying the identities of computer system users and provides recommendations to federal agencies on the acquisition and use of technology which supports these methods. FIPS 191, Guideline for the Analysis of Local Area Network Security, discusses threats and vulnerabilities and considers technical security services and security mechanisms. It presents risk management concepts to assist the reader in determining local area network (LAN) assets, identifying threats, and proposing solutions to reduce the risk to the LAN.

FIPS for Government Information Locator Service Approved

Also approved was FIPS 192, Application Profiles for the Government Information Locator Service (GILS), a decentralized collection of computer servers and associated information services that the public can use to find information throughout the federal government.
Based on a voluntary industry standard, the American National Standard for Information Retrieval, Application Service Definition and Protocol Specification for Open Systems Interconnection (ANSI/NISO Z39.50), the application profile was adapted for government systems by a group of industry and government experts led by the U.S. Geological Survey. The profile is expected to be implemented in commercial, off-the-shelf products that will improve information retrieval for users and expand choices for federal agencies.

Initial Graphics Exchange Specification (IGES) Test Service

CSL initiated the IGES Test Service to evaluate conformance of IGES processors to FIPS 177, IGES, and the Continuous Acquisition and Life-Cycle Support (CALS) specification MIL-D-28000, Class II subset (Engineering Drawings). Both FIPS 177 and MIL-D-28000 adopt the American National Standard Digital Representation for Communication of Product Definition Data, ASME/ANSI Y14.26M-1989, the equivalent of IGES Version 4.0. IGES specifies file structure and syntactical definition, and defines the representation of geometric, topological, and nongeometric product definition data. Conformance testing of IGES processors maximizes the probability of successful data exchange between dissimilar computer-aided design and computer-aided manufacturing (CAD/CAM) systems, and ensures that the basic concepts and geometry of IGES are correctly implemented.

UPDATE ON NEW PUBLICATIONS

CSL publishes the results of studies, investigations, and research. The reports listed below may be ordered from the following sources as indicated for each:

*Superintendent of Documents
 U.S. Government Printing Office (GPO)
 Washington, DC 20402
 Telephone (202) 512-1800
 Fax (202) 512-2250

*National Technical Information Service (NTIS)
 5285 Port Royal Road
 Springfield, VA 22161
 Telephone (703) 487-4650
 Rush Service (800) 553-6847
 Fax (703) 321-8547 or (703) 321-9038

NIST Workshop on the Computer Interface to Flat Panel Displays
By Mark P. Williamson, William E. Burr, and John W. Roberts
NIST Spec. Pub. 500-219
August 1994
SN003-003-03289-1
$14.00
Order from GPO

This publication presents the results of a CSL-sponsored workshop held in California in January 1994 to bring together flat panel display manufacturers, computer systems manufacturers, graphic controller chip manufacturers, industry and government users, and others who were interested in developing standards in this area.

Guide on Open System Environment (OSE) Procurements
By Gary E. Fisher
NIST Spec. Pub. 500-220
October 1994
SN003-003-03302-2
$11.00
Order from GPO

This report gives guidance on the U.S. government acquisition of Open System Environment (OSE) infrastructure including operating system, human/computer interface, software engineering, data management, data interchange, graphics, network, security, and system/network management services based on implementations of standard application program interfaces, programming languages, data formats, and protocols.

Industry/Government Open Systems Specification Testing Framework
Jean-Philippe Favreau, Editor
NISTIR 5438
June 1994
PB94-219110
$27.00 paper; $12.50 microfiche
Order from NTIS

This document describes the procedures to assess which networking products conform to the IGOSS profiles and which are interoperable.

Federal Certification Authority Liability and Policy
By Michael S. Baum
NIST-GCR 94-654
June 1994
PB94-191202
$61.00 paper; $19.50 microfiche
Order from NTIS

This report identifies technical, legal, and policy issues affecting a certificate-based public key cryptographic infrastructure utilizing digital signatures supported by "trusted entities."

Quality Characteristics and Metrics for Reusable Software (Preliminary Report)
By W.J. Salamon and D.R. Wallace
NISTIR 5459
May 1994
PB94-203437
$17.50 paper; $9.00 microfiche
Order from NTIS

This report identifies a set of quality characteristics of software and provides a summary of software metrics that are useful in measuring these quality characteristics for software products. The metrics are useful in assessing the reusability of software products.

Report of the NIST Workshop on Key Escrow Encryption
By Arthur E. Oldehoeft; Dennis K. Branstad, Editor
NISTIR 5468
June 1994
PB94-209459
$27.00 paper; $12.50 microfiche
Order from NTIS

This document presents the proceedings of the NIST Workshop on Key Escrow Encryption in June 1994 to engage the private sector in dialogue on the issues of key escrow encryption.

A Head Start on Assurance, Proceedings of an Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness
Marshall D. Abrams and Patricia R. Toth, Editors
NISTIR 5472
August 1994
PB94-215746
$19.50 paper; $9.00 microfiche
Order from NTIS

This document presents the proceedings of a workshop held in March 1994 in Williamsburg, Virginia, to identify crucial issues on assurance in IT systems and to provide input into the development of policy guidance on determining the type and level of assurance appropriate in a given environment.

Framework for National Information Infrastructure Services
William Majurski, Wayne McCoy, James Pottmeyer, Wayne Jansen, Richard Schneeman, David Cypher, and Oscar G. Farah
NISTIR 5478
July 1994
PB95-103719
$27.00 paper; $12.50 microfiche
Order from NTIS

This framework document is one of a series of reports which together will provide a comprehensive overview of the National Information Infrastructure (NII) issues from the different perspectives of the three-layer model defined by the Information Infrastructure Task Force.

Making Sense of Software Engineering Environment Framework Standards
By Barbara Cuthill
NISTIR 5487
May 1994
PB95-105037
$17.50 paper; $9.00 microfiche
Order from NTIS

This document describes the functionality and integration support supplied by a selected set of software environment framework standards and specifications with respect to common models.

Comparison of FFT Fingerprint Filtering Methods for Neural Network Classification
By C.I. Watson, G.T. Candela, and P.J. Grother
NISTIR 5493
September 1994
PB95-136362
$17.50 paper; $9.00 microfiche
Order from NTIS

This report describes character recognition research which uses two types of Fourier Transform-based filter to enhance fingerprint images for use with a neural network fingerprint classification system developed by CSL.

A Domain Analysis of the Alarm Surveillance Domain
By Christopher E. Dabrowski and James Watkins
NISTIR 5494
September 1994
PB95-136339
$36.50 paper; $17.50 microfiche
Order from NTIS

This report describes the results of the application of the domain modeling phase of the Feature-Oriented Domain Analysis (FODA) method to the alarm surveillance domain. Domain analysis is a pivotal technique for developing reusable products that can be used to engineer software systems.

Computer Security Training & Awareness Course Compendium
Kathie Everhart, Editor
NISTIR 5495 (supersedes NISTIR 4846)
September 1994
PB95-130985
$27.00 paper; $12.50 microfiche
Order from NTIS

This compendium of computer security training and awareness courses assists federal agencies to locate computer security training resources.

Report on the Advanced Software Technology Workshop, Feb. 1, 1994
Dolores R. Wallace, D. Richard Kuhn, and Thomas R. Rhodes, Editors
NISTIR 5500
August 1994
PB95-136610
$17.50 paper; $9.00 microfiche
Order from NTIS

This report summarizes the deliberations of an invitational workshop held at NIST to identify opportunities that CSL might pursue in the area of advanced software technology.

Channel Coding for Code Excited Linear Prediction Encoded Speech in Mobile Radio Applications
By Ehud Bracha, Nariman Farvardin, and Yaacov Yesha
NISTIR 5503
August 1994
PB95-143178
$17.50 paper; $9.00 microfiche
Order from NTIS

This report describes a software simulation of channel coding of the Code Excited Linear Prediction (CELP) encoded speech data on wireless communication systems.

Information Technology Engineering and Measurement Model: Adding lane markings to the information superhighway
By Marvin Zelkowitz and Barbara Cuthill
NISTIR 5522
November 1994
PB95-143145
$17.50 paper; $9.00 microfiche
Order from NTIS

This paper describes the growth of the National Information Infrastructure (NII) concept and proposes the Information Technology Engineering and Measurement (ITEM) model that may be useful in describing the set of services an operational NII may contain.

Mapping Integration Definition for Information Modeling (IDEF1X) Model into CASE Data Interchange Format (CDIF) Transfer File
By Igor Simakhodskiy
NISTIR 5530
November 1994
PB95-154670
$27.00 paper; $12.50 microfiche
Order from NTIS

This document describes a mapping of an IDEF1X view into the CDIF transfer file, demonstrating that it is possible to use the standard exchange for moving information between different tools.

UPCOMING TECHNICAL CONFERENCES

North American ISDN Users' Forum (NIUF)

The NIUF addresses many concerns over a broad range of Integrated Services Digital Network (ISDN) issues and seeks to reach consensus on ISDN Implementation Agreements.
Participants include ISDN users, implementors, and service providers.

Dates: February 28-March 2, 1995 (Nashville, TN)
       June 5-9, 1995 (NIST)
       November 13-17, 1995 (NIST)
Contact: Sara Caswell (301) 975-2937
E-mail: sara@isdn.ncsl.nist.gov

Open System Environment (OSE) Implementors Workshop (OIW)

This workshop is part of a continuing series to develop implementation specifications from international standard design specifications for computer network protocols.

Sponsors: NIST and the IEEE Computer Society
Dates: March 14-16, 1995
       June 13-15, 1995
       September 12-14, 1995
       December 5-7, 1995
Place: NIST, Gaithersburg, MD
Contact: Brenda Gray (301) 975-3664
E-mail: bgray@sst.ncsl.nist.gov

Lecture Series on Applied Information Technology

Co-sponsored by the NIST Center for Applied Information Technology (CAIT), Advanced Technology Program (ATP), and Electronic Commerce Integration Facility, this new lecture series will present leaders in industry, academia, and government speaking on topics such as electronic commerce, collaborative engineering, virtual enterprise, healthcare information infrastructure, manufacturing information infrastructure, nationwide multimedia libraries, and education.

Dates: March 22; April 21; May 18, 1995
Time: 2:00 p.m.
Place: NIST Green Auditorium
Contact: Carol Edgar (301) 975-3613
E-mail: edgar@snad.ncsl.nist.gov

Lecture Series on High Integrity Systems

This lecture series addresses problems and solutions for developing and operating high integrity systems.

Dates: April 17, 1995, 1:00 p.m. (note new time)
       Richard Lindner, IBM, "Software Development by a Baldrige Award Winner"
       May 22, 1995, 2:00 p.m.
       Pamela Zave, AT&T Bell Labs, "Formal Specification of Telecommunications Software"
Place: NIST Green Auditorium
Contact: Dolores Wallace (301) 975-3340
E-mail: dwallace@nist.gov

Applications Portability Profile (APP)/Open Systems Environment (OSE) Workshop

This workshop is designed as a user's forum to discuss the latest developments in the APP/OSE.

Dates: May 9-11, 1995
       November 7-8, 1995
Place: NIST, Gaithersburg, MD
Contact: Joe Hungate (301) 975-3368
E-mail: hungate@sst.ncsl.nist.gov

8th Annual Data Administration Management Association (DAMA) Symposium

This symposium will disseminate knowledge and experience about data administration and provide a forum for the exchange of ideas and resolution of problems.

Sponsors: NIST and DAMA
Date: May 16-17, 1995
Place: NIST, Gaithersburg, MD
Contact: Judith Newton (301) 975-3256
E-mail: newton@ecf.ncsl.nist.gov

COMPASS '95 Tenth Annual Conference on Computer Assurance

COMPASS '95 will focus on issues related to specifying, building, and certifying high-assurance computer systems.

Sponsors: IEEE and the IEEE Aerospace and Electronic Systems Society, in cooperation with the British Computer Society
Date: June 26-30, 1995
Place: NIST, Gaithersburg, MD
Contact: Laura Ippolito (301) 975-5248
E-mail: ippolito@sst.ncsl.nist.gov