HMAC's Last Stand: NIST Proposes Security Standard Sunset
Published Date: 6/23/2025
Notice
Summary
NIST wants to retire the old HMAC security standard (FIPS 198-1) and is asking everyone—tech pros, governments, and the public—for their thoughts before making it official. This change affects anyone using this standard for securing info, so it’s a heads-up to prepare for updates. No big costs expected, but staying in the loop now means smoother transitions later!
Analyzed Economic Effects
1 provisions identified: 0 benefits, 0 costs, 1 mixed.
NIST proposes withdrawing HMAC standard
The National Institute of Standards and Technology (NIST) proposes to withdraw FIPS 198-1, the Keyed-Hash Message Authentication Code (HMAC). If you or your organization use HMAC to secure information, this is a heads-up to prepare for updates and consider submitting comments; NIST is asking for input from the public, the IT industry, and Federal, State, and local governments. The notice says no big costs are expected from the withdrawal.
Your PRIA Score
Personalized for You
How does this regulation affect your finances?
Sign up for a PRIA Policy Scan to see your personalized alignment score for this federal register document and every other regulation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.
Key Dates
Department and Agencies
Take It Personal
Get Your Personalized Policy View
Start a Free Government Policy Watch to see how policy affects your household, then upgrade to PRIA Full Coverage for year-round monitoring.
Already have an account? Sign in