(sigh)
Let's recap where we stand with FIPS 140-4:
- No schedule. The Division Chief position at NIST has still not been "officially" filled. Expect no progress or schedule before the new Division Chief is announced.
- No surprise. The FIPS 140-4 draft is an 11 page document that points to ISO/IEC 19790:2012.
- No overlap. If you are the proactive type, do not jump to the draft standard too early. Meeting a FIPS 140-4 requirement will not allow you a free pass on an annoying FIPS 140-2 requirement if they conflict.
The Vendor and Lab communities need to become more active in driving FIPS 140-4.
QUESTION: "How can I positively influence the adoption of FIPS 140-4?"
ANSWER: Contact Charles Romine, the Director of the Information Technology Laboratory at NIST. In the FOREWORD section of the FIPS 140-4 draft, the Director welcomes all comments. (A physical address is provided in the draft but a quick search on nist.gov shows the following e-mail for Dr. Romine: charles.romine@nist.gov)
Make "FIPS 140-4 Feedback" the subject of your e-mail.
Here are some things to think about when crafting your feedback to the Director:
- With the current 13 year-old FIPS 140-2 standard, will you be satisfied testing your future products to those aging requirements?
- Can you make the world a better place for government agencies by designing your products to more relevant requirements?
- Share your development lead times with the Director. Express how important it is for you to understand (and plan for) requirement changes.
My feedback e-mail has already been sent.
Mark Minnoch is an Account Manager at InfoGard Laboratories. He covers FIPS 140-4 updates like TMZ covers a paparazzi-dodging star.