The IT Law Wiki

Overview

Federal Information Processing Standards (FIPS) are developed by the Computer Security Division within the National Institute of Standards and Technology (NIST). They are publicly announced standards approved by the Secretary of Commerce and issued by NIST in accordance with FISMA.[1] FIPS are compulsory and binding for federal agencies. FISMA requires that federal agencies comply with these standards, and therefore, agencies may not waive their use.

Many FIPS standards are modified versions of standards used in the wider community (American National Standards Institute (ANSI), Institute of Electrical and Electronics Engineers (IEEE), International Organization for Standardization (ISO), etc.).

FIPS publications

The FIPS publications summarized in the IT Law wiki (in reverse numerical order) include:

  • FIPS 201-2: (Revised Draft) Personal Identity Verification (PIV) of Federal Employees and Contractors (July 9, 2012) (full-text).
  • FIPS 201-1: Personal Identity Verification (PIV) of Federal Employees and Contractors (Mar. 2006) (including Change Notice 1 of June 23, 2006) (full-text).
  • FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors (Mar. 2011) (withdrawn Mar. 2006; superseded by FIPS 201-1).
  • FIPS 200: Minimum Security Requirements for Federal Information and Information Systems (Mar. 9, 2006) (full-text).
  • FIPS 199: Standards for Security Categorization of Federal Information and Information Systems (Feb. 2004) (full-text).
  • FIPS 197: Advanced Encryption Standard (Nov. 2001) (full-text).
  • FIPS 196: Entity Authentication Using Public Key Cryptography (Feb. 1997) (full-text).
  • FIPS 191: Guideline for The Analysis of Local Area Network Security (Nov. 1994) (full-text).
  • FIPS 190: Guideline for the Use of Advanced Authentication Technology Alternatives (Sept. 1994) (full-text).
  • FIPS 188: Standard Security Label for Information Transfer (Sept. 6, 1994) (full-text).
  • FIPS 186-3: Digital Signature Standard (DSS) (June 2009) (full-text).
  • FIPS 187: Administration Standard for the Telecommunication Infrastructure of Federal Buildings (Feb. 10, 1995).
  • FIPS 185: Escrowed Encryption Standard (Feb. 9, 1994) (full-text).
  • FIPS 181: Automated Password Generator (APG) (Oct. 5, 1993) (full-text).
  • FIPS 180-4: Secure Hash Standard (Aug. 2015) (full-text).
  • FIPS 180-3: Secure Hash Standard (Oct. 2008) (full-text).
  • FIPS 140-3: DRAFT Security Requirements for Cryptographic Modules (Revised Draft) (Dec. 11, 2009) (full-text).
  • FIPS 140-2: Security Requirements for Cryptographic Modules (May 25, 2001) (full-text).
  • FIPS 140-1: Security Requirements for Cryptographic Modules (Jan. 1994) (full-text).
  • FIPS 113: Computer Data Authentication (May 30, 1985) (full-text) (withdrawn 73 Fed. Reg. 51276 (Sept. 2, 2008)).
  • FIPS 112: Password Usage (May 30, 1985) (full-text) (withdrawn 70 Fed. Reg. 6623 (Feb. 8, 2005)).
  • FIPS 106: Guideline on Software Maintenance (June 15, 1984).
  • FIPS 102: Guideline for Computer Security Certification and Accreditation (Sept. 27, 1983) (full-text) (withdrawn 70 Fed. Reg. 6623 (Feb. 8, 2005)).
  • FIPS 88: Guideline on Integrity Assurance and Control in Database Administration (Aug. 14, 1981) (withdrawn 62 Fed. Reg. 40502 (July 29, 1997)).
  • FIPS 87: Guidelines for ADP Contingency Planning (Mar. 27, 1981) (withdrawn 70 Fed. Reg. 6623 (Feb. 8, 2005)).
  • FIPS 83: Guideline on User Authentication Techniques for Computer Network Access Control (Sept. 29, 1980) (withdrawn 70 Fed. Reg. 6623 (Feb. 8, 2005)).
  • FIPS 81: DES Modes of Operation (Dec. 2, 1980) (withdrawn May 19, 2005).
  • FIPS 74: Guidelines for Implementing and Using the NBS Data Encryption Standard (Apr. 1, 1981) (withdrawn May 19, 2005).
  • FIPS 73: Guidelines for Security of Computer Applications (June 30, 1980) (full-text) (withdrawn 70 Fed. Reg. 6623 (Feb. 8, 2005)).
  • FIPS 65: Guideline for Automatic Data Processing Risk Analysis (Aug. 1, 1979) (withdrawn Aug. 25, 1995).
  • FIPS 64: Guidelines for Documentation of Computer Programs and Automated Data Systems for the Initiation Phase (Aug. 1, 1979) (withdrawn Aug. 25, 1995).
  • FIPS 48: Guidelines on Evaluation of Techniques for Automated Personal Identification (Apr. 1, 1977) (withdrawn 70 Fed. Reg. 6623 (Feb. 8, 2005)).
  • FIPS 46-3: Data Encryption Standard (DES) (specifies the use of Triple DES) (Oct. 25, 1999) (withdrawn May 19, 2005).
  • FIPS 41: Computer Security Guidelines for Implementing the Privacy Act of 1974 (May 30, 1975) (withdrawn 63 Fed. Reg. 64062 (Nov. 18, 1998)).
  • FIPS 39: Glossary for Computer Systems Security (Feb. 15, 1976) (withdrawn Apr. 29, 1993).
  • FIPS 38: Guidelines for Documentation of Computer Programs and Automated Data Systems (Feb. 15, 1976) (withdrawn Aug. 25, 1995).
  • FIPS 31: Guidelines for Automatic Data Processing Physical Security and Risk Management (June 1974) (full-text) (withdrawn 70 Fed. Reg. 6623 (Feb. 8, 2005)).
  • FIPS 30: Software Summary for Describing Computer Programs and Automated Data Systems (June 30, 1974) (withdrawn 58 Fed. Reg. 67396 (Dec. 21, 1993)).
  • FIPS 29-3: Interpretation Procedures for Federal Information Processing Standards for Software (Oct. 29, 1992) (withdrawn 65 Fed. Reg. 10050 (Feb. 25, 2000)).
  • FIPS 24: Flowchart Symbols and Their Usage in Information Processing (ANSI X3.5-1970) (June 30, 1973) (withdrawn Aug. 23, 1988).
  • FIPS 11-3: Guideline: American National Dictionary for Information Systems (ANSI X3.172-1990 & X3.172A-1992) (Feb. 1, 1991) (withdrawn 62 Fed. Reg. 40502 (July 29, 1997)).
  • FIPS 4-2: Representation of Calendar Date to Facilitate Interchange of Data Among Information Systems (Nov. 15, 1998) (withdrawn 73 Fed. Reg. 51276 (Sept. 2, 2008)).

Standard publications

Some FIPS standards were originally developed by the U.S. government. These include standards for encoding data (e.g., country codes) and, more significantly, some encryption standards, such as the Data Encryption Standard (FIPS 46) and the Advanced Encryption Standard (FIPS 197).

References

  1. 40 U.S.C. §11331 and 15 U.S.C. §278g-3, as amended by FISMA.


This page uses Creative Commons Licensed content from Wikipedia (view authors).