What are the underlying assumptions, especially with regards to the cost to potential attackers, (threat model) of the NIST minimum 112 bits recommendation for US government in 800-63B?


6 Answers

Anonymous 0 Comments

While /u/ThenaCykez is correct about what the standard says (although unfortunately he or she has linked to a superseded version), the actual mechanical reason that 112 bits was specifically chosen (instead of, for example, a power of 2) is that the [Data Encryption Standard](https://en.wikipedia.org/wiki/Data_Encryption_Standard) supports key lengths that are a multiple of 56 bits (original DES has a 64-bit key, but 8 bits are used for parity checking rather than encryption, so a 56-bit effective key length), and while the original 56-bit DES is no longer considered adequately secure, 112-bit is still considered adequately secure (for now, although, as /u/ThenaCykez points out, it has a planned deprecation date).

The actual estimated cost to compromise encryption schemes used by the US government that is used to inform standards decisions is not made public, because it is informed by non-public cryptographic attacks to which the NSA / other agencies have access but which are not widely known.
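The parity arithmetic behind the 56-bit and 112-bit figures in the answer above, as an added example that is not part of the original answer: it checks DES odd parity on each key byte and strips the parity bits from a key made of 8-byte blocks. The function names and the sample keys are constructed for illustration.

```python
# Added example: DES key parity and effective key length.
# Sample keys are constructed test values, not keys from any real system.

def has_odd_parity(byte: int) -> bool:
    """DES convention: every key byte carries an odd number of 1 bits."""
    return bin(byte).count("1") % 2 == 1


def set_odd_parity(raw: bytes) -> bytes:
    """Overwrite the low (parity) bit of each byte so the byte has odd parity."""
    out = bytearray()
    for b in raw:
        key_bits = b & 0xFE  # the 7 bits that actually feed the cipher
        out.append(key_bits | (0 if has_odd_parity(key_bits) else 1))
    return bytes(out)


def effective_key(key: bytes) -> tuple[int, int]:
    """Strip parity bits from a DES-style key built from 8-byte blocks.

    Returns (effective_bits, key_value).
    Raises ValueError on a bad length or a byte that fails the parity check.
    """
    if len(key) == 0 or len(key) % 8 != 0:
        raise ValueError("key length must be a non-zero multiple of 8 bytes")
    value = 0
    for i, b in enumerate(key):
        if not has_odd_parity(b):
            raise ValueError(f"byte {i} (0x{b:02x}) fails the odd-parity check")
        value = (value << 7) | (b >> 1)  # keep 7 key bits, drop the parity bit
    return 7 * len(key), value


if __name__ == "__main__":
    single = bytes.fromhex("0123456789abcdef")         # 64 stored bits
    double = single + bytes.fromhex("fedcba9876543210")  # 128 stored bits
    for name, k in (("one block", single), ("two blocks", double)):
        bits, _ = effective_key(k)
        print(f"{name}: {len(k) * 8} stored bits, {bits} effective key bits")
```
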
