Skip to Content


Federal Transition To Secure Hash Algorithm (SHA)-256

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble


Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA).


Notice of public meeting.


The Civilian Agency Acquisition Council, and the Defense Acquisition Regulations Council (Councils), are hosting the first of at least two public meetings to start a dialogue with industry and Government agencies about ways for the acquisition community to transition to Secure Hash Algorithm SHA-256. SHA-256 is a cryptographic hash function that is used in digital signatures, and authentication protocols.


Public Meeting: A public meeting will be held on March 18, 2011, from 9 a.m. to 12 p.m. EST. Attendees should register for the public meeting at least 1 week in advance to ensure adequate room accommodations.

Registrants will be given priority if room constraints require limits on attendance. At the March 18th meeting, two briefings will be provided on SHA-256. One will be at the agency level, and the other at the Federal level. Public comments will be solicited after a subsequent second public meeting.

Special Accommodations: The public meeting is physically accessible to people with disabilities. Requests for sign language interpretation or other auxiliary aids should be directed to Mr. Edward Loeb, telephone (202) 501-0650, at least 5 working days prior to the meeting date.


Public Meeting: The public meeting will be held in the General Services Administration (GSA) Multipurpose Room, 2nd floor, One Constitution Square, 1275 First Street, NE., Washington, DC 20417. Interested parties may register by faxing the following information to the GSA at (202) 501-4067, or e-mail by March 11, 2011:

(1) Company or Organization Name;

(2) Names of persons attending; and

(3) Last four digits of the social security number of persons attending.

Please cite “Federal Transition to Secure Hash Algorithm SHA-256” in all correspondence related to this public meeting.

Start Further Info


For clarification of content, contact Mr. Edward Loeb, Procurement Analyst, at (202) 501-0650. For information pertaining to status or publication schedules, contact the Regulatory Secretariat at (202) 501-4755. Please cite “Federal Transition to Secure Hash Algorithm SHA-256.”

End Further Info End Preamble Start Supplemental Information


The Federal environment uses SHA-1 for generating digital signatures. Current information systems, Web servers, applications and workstation operating systems were designed to process, and use SHA-1 generated signatures. National Institute of Standards and Technology (NIST) SP (Special Publication) 800-57, Recommendation for Key Management—Part 1, (the first document); and NIST SP 800-78-3, Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV), at​publications/​PubsSPs.html, provide for the use of SHA-256 in all digital signatures generated. NIST has issued guidance for transition to stronger cryptographic keys, and more robust algorithms by December 2013.

Government systems may begin to encounter certificates signed with SHA-256, and in most cases it is unclear whether the Government systems will continue to function correctly.

Start Signature

Dated: February 24, 2011.

Millisa Gary,

Acting Director, Office of Governmentwide Acquisition Policy.

End Signature End Supplemental Information

[FR Doc. 2011-4662 Filed 3-1-11; 8:45 am]