PUBLIC KEY INFRASTRUCTURE PROPOSED TO IMPLEMENT THE DIGITAL SIGNATURE STANDARD

CSL has proposed a pilot public key infrastructure (PKI) program needed to implement the Digital Signature Standard (DSS). The DSS uses public key cryptography, which relies on public and private digital keys to verify both the integrity of electronic messages and forms, and the signer's identity. The public key, used by the receiver of a signed message to verify the digital signature, must be assigned and certified by a reliable third party. In the future, a PKI will manage the certification of public keys on a large-scale basis.

In May 1994, the Secretary of Commerce approved Federal Information Processing Standard (FIPS) 186, DSS, for federal agencies and their contractors to use for the protection of unclassified information when digital signatures are required. Private and commercial organizations can choose to follow the standard voluntarily without the payment of royalties to the government.

You can purchase a copy of FIPS 186, DSS, from the National Technical Information Service at (703) 487-3238. We also have an informative fact sheet on the DSS available free of charge from our Publications Office at (301) 975-2821. We will keep you informed of the progress of the PKI as developments occur.

FEDERAL INFORMATION PROCESSING STANDARDS (FIPS) ACTIVITIES

New FIPS Specifies a Uniform Telecommunications Infrastructure Administration for Federal Buildings

The Secretary of Commerce recently approved FIPS 187, Administration Standard for the Telecommunication Infrastructure of Federal Buildings, for federal agency use. To be effective February 10, 1995, FIPS 187 adopts ANSI/TIA/EIA-606-1993, Administration Standard for the Telecommunications Infrastructure of Commercial Buildings, which establishes guidelines and defines administrative requirements of the telecommunications infrastructure within a new, existing, or renovated office building or campus.
This standard is expected to help administrators document and manage the telecommunications infrastructure over the life cycle of a building.

FIPS for Standard Security Label for Information Transfer

Also approved was FIPS 188, Standard Security Label for Information Transfer. Effective March 1, 1995, the standard defines a security label syntax for information exchanged over data networks and provides label encodings for use at the Application and Network Layers. Security labels convey information used by protocol entities to determine how to handle data communicated between open systems. Security label information can be used to control access, specify protective measures, and determine additional handling restrictions required by a communications security policy.

FIPS 189, Portable Operating System Interface (POSIX); Part 2: Shell and Utilities, Approved

This new standard adopts the International Standard ISO/IEC 9945-2:1993, Information Technology--Portable Operating System Interface (POSIX)--Part 2: Shell and Utilities, which defines a command language interpreter (shell) and a set of utility programs. Effective April 3, 1995, FIPS 189 deals with methods by which a person interacts with the operating systems.

Proposed FIPS for Cryptographic Service Calls

A proposed FIPS for Cryptographic Service Calls specifies a standard interface for application programs to request cryptographic functions from a cryptographic module. Cryptographic functions include message encryption and decryption, message authentication, digital signature generation and verification, key management, and user authentication. The proposed standard supports both secret key and public key algorithms.

Revision to FIPS 180, Secure Hash Standard, Proposed

A proposed revision to FIPS 180, Secure Hash Standard (SHS), corrects a technical flaw that made the standard less secure than had been thought.
The algorithm is still reliable as a security mechanism, but the correction returns the SHS to the original level of security.

FIPS 21-3, COBOL, Being Revised

A proposed revision to FIPS 21-3, COBOL, adopts the amendment ANSI X3.23b-1993 to the American National Standard for COBOL which corrects and clarifies the language. The American National Standard defines the elements of the COBOL programming language and the rules for their use. To be published as FIPS 21-4, the revised standard promotes the portability of COBOL programs for use on a variety of federal data processing systems.

Proposed Changes to FIPS 146-1, Government Open Systems Interconnection Profile (GOSIP), Version 2, and FIPS 179, Government Network Management Profile (GNMP)

Proposed changes which resulted from the recommendations of the Federal Internetworking Requirements Panel expand the choices that agencies have in specifying networking protocols and services.

UPDATE ON NEW PUBLICATIONS

CSL publishes the results of studies, investigations, and research. The reports listed below may be ordered from the following sources as indicated for each:

*Superintendent of Documents
U.S. Government Printing Office (GPO)
Washington, DC 20402
Telephone (202) 512-1800

*National Technical Information Service (NTIS)
5285 Port Royal Road
Springfield, VA 22161
Telephone (703) 487-4650

IGOSS-Industry/Government Open Systems Specifications
Gerard Mulvenna, Editor
NIST Spec. Pub. 500-217, May 1994
SN003-003-03269-7
$8.00
Order from GPO

This specification is a reference that IGOSS organizations can use when acquiring and operating ADP systems or services and communications systems or services based on Open Systems Interconnection (OSI) protocols. The IGOSS is jointly authored by the U.S. Government, the Canadian Government, Manufacturing Automation Protocol (MAP) group, the Technical and Office Protocol (TOP) group, and the electric power group.

Analyzing Electronic Commerce
By Len Gebase and Steve Trus
NIST Spec. Pub. 500-218, June 1994
SN003-003-03270-1
$3.00
Order from GPO

This document presents an overview of electronic commerce and examines some of the key issues involved in its deployment. It introduces an electronic commerce architectural model and discusses applications, user interfaces, communications, data management, and security.

Security in Open Systems
By R. Bagwill, J. Barkley, L. Carnahan, S. Chang, R. Kuhn, P. Markovitz, A. Nakassis, K. Olsen, M. Ransom, and J. Wack; John Barkley, Editor
NIST Spec. Pub. 800-7, July 1994
SN003-003-03276-0
$19.00
Order from GPO

This report provides information for service designers and programmers involved in the development of telecommunications application software; it focuses on building security into software based on open system platforms.

ISDN Conformance Testing Guidelines - Guidelines for Implementors of ISDN Customers Premise Equipment to Conform to Both National ISDN-1 and North American ISDN Users' Forum; Layer 3, Basic Rate Interface, Basic Call Control; Abstract Test Suites
Leslie A. Collica and Dawn M. Hoffman, Editors
NIST Spec. Pub. 823-6, July 1994
SN003-003-03278-6
$2.50
Order from GPO

This document provides information, as a supplement to the abstract test suites, to allow conformance to both the Bellcore National ISDN-1 and North American ISDN Users' Forum specifications for the ISDN Layer 3 Basic Rate Interface for Basic Call Control (user-side).

The Information Infrastructure: Reaching Society's Goal
Kathleen Roberts, Editor
NIST Spec. Pub. 868, September 1994
SN003-003-03283-2
$11.00
Order from GPO

This document is the second volume of papers in which the Information Infrastructure Task Force discusses how improvements in the National Information Infrastructure (NII) can help meet social goals.

Preliminary Functional Specifications of a Prototype Electronic Research Notebook for NIST
By Shu-jen Chang, Elizabeth Fong, James Foti, and Bruce Rosen
NISTIR 5395, April 1994
PB94-207750
$19.50 paper; $9.00 microfiche
Order from NTIS

This report presents the preliminary study on the feasibility and possible use of electronic research notebooks (ERN) for NIST scientists.

A User Profile for Researchers Studying Objects: Implications for Computer Systems
By Judi Moline
NISTIR 5415, April 1994
PB94-188463
$17.50 paper; $9.00 microfiche
Order from NTIS

This report identifies the information-handling features needed in computer systems to facilitate the research of those who study objects, physical entities that are studied as a representation of a particular culture.

A Simple Scalability Test for MIMD Code
By Gordon Lyon and Raghu Kacker
NISTIR 5417, June 1994
PB94-193638
$17.50 paper; $9.00 microfiche
Order from NTIS

This report presents a test for the scalability of computer code which can be estimated by statistically designed experiments that empirically approximate a multivariate Taylor expansion of the code's execution response function.

A Study of Federal Agency Needs for Information Technology Security
By Dennis M. Gilbert
NISTIR 5424, May 1994
PB94-193653
$27.00 paper; $12.50 microfiche
Order from NTIS

This report presents the results of a NIST study to determine and document what federal agencies need to meet their information technology security requirements.

The Second Census Optical Character Recognition Systems Conference
By J. Geist, R.A. Wilkinson, S. Janet, P.J. Grother, B. Hammond, N.W. Larsen, R.M. Klear, M.J. Matsko, C.J.C. Burges, R. Creecy, J.J. Hull, T.P. Vogl, and C.L. Wilson
NISTIR 5452, May 1994
PB94-188711
$36.50 paper; $17.50 microfiche
Order from NTIS

This publication presents the results of the Second Census Optical Character Recognition Systems Conference sponsored by the U.S. Bureau of the Census and NIST in February 1994.

Federal Certification Authority Liability and Policy - Law and Policy of Certificate-Based Public Key and Digital Signatures
By Michael S. Baum
NIST-GCR-94-654, June 1994
PB94-191202
$61.00 paper; $19.50 microfiche
Order from NTIS

This report identifies diverse technical, legal, and policy issues affecting a certificate-based public key cryptographic infrastructure utilizing digital signatures supported by "trusted entities."

Face Recognition Technology for Law Enforcement Applications
By C.L. Wilson, C.S. Barnes, R. Chellappa, and S.A. Sirohey
NISTIR 5465, July 1994
PB94-207768
$19.50 paper; $9.00 microfiche
Order from NTIS

This report describes the extensive face recognition technology which is available in the literature for law enforcement applications.

Report of the NIST Workshop on Key Escrow Encryption
By Arthur E. Oldehoeft; Dennis K. Branstad, Editor
NISTIR 5468, June 1994
PB94-209459
$27.00 paper; $12.50 microfiche
Order from NTIS

This document presents the results of a one-day workshop held at NIST in June 1994.

NIST Form-Based Handprint Recognition System
By Michael D. Garris, James L. Blue, Gerald T. Candela, Darrin L. Dimmick, Jon Geist, Patrick J. Grother, Stanley A. Janet, and Charles L. Wilson
NISTIR 5469, July 1994
PB94-217106
$19.50 paper; $9.00 microfiche
Order from NTIS

This document describes a form-based handprint recognition system developed by CSL for evaluating optical character recognition. It documents the system in terms of its installation, organization, and functionality.

A Head Start on Assurance, Proceedings of an Invitational Workshop on Information Technology (IT) Assurance and Trustworthiness
Marshall D. Abrams and Patricia R. Toth, Editors
NISTIR 5472, August 1994
PB94-215746
$19.50 paper; $9.00 microfiche
Order from NTIS

This report presents proceedings of an Invitational Workshop on IT Assurance and Trustworthiness held March 21-13, 1994, in Williamsburg, Virginia.

Videoconferencing Procurement and Usage Guide
By Michael A. Wallace and Daniel E. Rorrer
NISTIR 5485, August 1994
PB94-217023
$19.50 paper; $9.00 microfiche
Order from NTIS

This report provides guidance for the evaluation, selection, purchase, installation, and use of videoconferencing systems currently available.

Validated Products List 1994 No. 4
J.B. Kailey and P.N. Himes, Editors
NISTIR 5510 (supersedes NISTIR 5475), October 1994
PB94-937304
$36.50 paper; $146.00 subscriptions
Order from NTIS

This document, published quarterly, identifies the COBOL, FORTRAN, Pascal, C, MUMPS, and Ada programming language processors with current validation certificates and the SQL language processors with registered test reports. Also included are GOSIP Conformance Testing Registers, NIST POSIX Testing Laboratories and Validated Products, Graphics, and Computer Security testing programs.

UPCOMING TECHNICAL CONFERENCES

Lecture Series on High Integrity Systems

This lecture series addresses problems and solutions for developing and operating high integrity systems.

Dates:
  November 14, 1994, Anthony Wasserman, Interactive Development Environments, "The Next Generation of Software Development Environments"
  January 9, 1995, Mary Jean Harrold, Clemson University, "Testing Object-Oriented Programs"
Place: NIST Green Auditorium
Time: 2:00 p.m.
Contact: Dolores Wallace (301) 975-3340
E-mail: wallace@swe.ncsl.nist.gov

Applications Portability Profile (APP)/Open Systems Environment (OSE) Workshop

This workshop is designed as a user's forum to discuss the latest developments in the APP/OSE.

Dates: November 15-16, 1994; May 9-10, 1995; November 7-8, 1995
Place: NIST, Gaithersburg, MD
Contact: Joe Hungate (301) 975-3368
E-mail: hungate@swe.ncsl.nist.gov

Lecture Series on Applied Information Technology

Co-sponsored by the NIST Center for Applied Information Technology (CAIT), Advanced Technology Program (ATP), and Electronic Commerce Integration Facility, this new lecture series will present leaders in industry, academia, and government speaking on topics such as electronic commerce, collaborative engineering, virtual enterprise, health care information infrastructure, manufacturing information infrastructure, nationwide multimedia libraries, and education.

Dates: Dec. 20, 1994; Jan. 27, 1995; Feb. 22, 1995
Time: 2:00 p.m.
Place: NIST Green Auditorium
Contact: Steve Trus (301) 975-3617
E-mail: trus@duke.ncsl.nist.gov

Open System Environment (OSE) Implementors Workshop (OIW)

This workshop is part of a continuing series to develop implementation specifications from international standard design specifications for computer network protocols.

Sponsors: NIST and the IEEE Computer Society
Dates: December 12-16, 1994; March 13-17, 1995; June 12-16, 1995; September 11-15, 1995; December 4-8, 1995
Place: NIST, Gaithersburg, MD
Contact: Brenda Gray (301) 975-3664
E-mail: gray@osi.ncsl.nist.gov

Federal Wireless Users Forum (FWUF)

This users group was established to address wireless digital interface issues in the federal government. Although focusing on the requirements of federal wireless telecommunication users, the forum encourages the participation of state and local government, other interested users, product providers, and service providers.

Sponsors: NIST and the National Communications System (NCS)
Dates: January 24-26, 1995; May 23-25, 1995; October 24-26, 1995
Place: NIST, Gaithersburg, MD
Contact: Tish Antonishek (301) 975-2922
E-mail: tish@dsys.ncsl.nist.gov

North American ISDN Users' Forum (NIUF)

The NIUF addresses many concerns over a broad range of Integrated Services Digital Network (ISDN) issues and seeks to reach consensus on ISDN Implementation Agreements. Participants include ISDN users, implementors, and service providers.

Dates: February 28-March 2, 1995 (Nashville, TN); June 5-9, 1995 (NIST); November 13-17, 1995 (NIST)
Contact: Sara Caswell (301) 975-2937
E-mail: sara@isdn.ncsl.nist.gov