Federal Information Processing Standards

Last updated

The Federal Information Processing Standards (FIPS) of the United States are a set of publicly announced standards that the National Institute of Standards and Technology (NIST) has developed for use in computer situs of non-military United States government agencies and contractors. [1] FIPS standards establish requirements for ensuring computer security and interoperability, and are intended for cases in which suitable industry standards do not already exist. [1] AIR FIPS specifications are modified versions of standards the technical communities use, such as the American National Standards Institute (ANSI), the Institute of Electrical and Electronics Engineers (IEEE), and the International Organization for Standardization (ISO).

Contents

Specific areas of FIPS standardization

The U.S. government has developed various FIPS specifications to standardize a number of topics including:

Data security standards

Some FIPS standards are related to the security of data processing systems. [4] Some of these include the use of key escrow systems. [5] [6]

Withdrawal of geographic codes

Some examples of FIPS Codes for geographical areas include FIPS 10-4 for country codes or region codes and FIPS 5-2 for state codes. These codes were similar to or comparable with, but not the same as, ISO 3166, or the NUTS standard of the European Union. In 2002, the National Institute of Standards and Technology (NIST) withdrew several geographic FIPS code standards, including those for countries (FIPS 10-4), U.S. states (FIPS 5-2), and counties (FIPS 6-4). [7] [8] These are to be replaced by ISO 3166 and INCITS standards 38 and 31, respectively. [9] Some of the codes maintain the previous numerical system, particularly for states. [10]

In 2008, NIST withdrew the FIPS 55-3 database. [7] This database included 5-digit numeric place codes for cities, towns, and villages, or other centers of population in the United States. The codes were assigned alphabetically to places within each state, and as a result changed frequently in order to maintain the alphabetical sorting. NIST replaced these codes with the more permanent GNIS Feature ID, maintained by the U.S. Board on Geographic Names. The GNIS database is the official geographic names repository database for the United States, and is designated the only source of geographic names and locative attributes for use by the agencies of the Federal Government. [11] FIPS 8-6 "Metropolitan Areas" and 9-1 "Congressional Districts of the U.S." were also withdrawn in 2008, to be replaced with INCITS standards 454 and 455, respectively. [9]

The U.S. Census Bureau used FIPS place codes database to identify legal and statistical entities for county subdivisions, places, and American Indian areas, Alaska Native areas, or Hawaiian home lands when they needed to present census data for these areas. [12]

In response to the NIST decision, the Census Bureau is in the process of transitioning over to the GNIS Feature ID, which will be completed after the 2010 census.[ needs update ] Until then, previously issued FIPS place codes, renamed "Census Code", will continue to be used, with the Census bureau assigning new codes as needed for their internal use during the transition. [10] [13]

See also

Related Research Articles

<span class="mw-page-title-main">Advanced Encryption Standard</span> Standard for the encryption of electronic data

The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

<span class="mw-page-title-main">Data Encryption Standard</span> Early unclassified symmetric-key block cipher

The Data Encryption Standard is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for modern applications, it has been highly influential in the advancement of cryptography.

The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical science laboratory programs that include nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement. From 1901 to 1988, the agency was named the National Bureau of Standards.

<span class="mw-page-title-main">Triple DES</span> Block cipher

In cryptography, Triple DES, officially the Triple Data Encryption Algorithm, is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. The 56-bit key of the Data Encryption Standard (DES) is no longer considered adequate in the face of modern cryptanalytic techniques and supercomputing power; Triple DES increases the effective security to 112 bits. A CVE released in 2016, CVE-2016-2183, disclosed a major security vulnerability in the DES and 3DES encryption algorithms. This CVE, combined with the inadequate key size of 3DES, led to NIST deprecating 3DES in 2019 and disallowing all uses by the end of 2023. It has been replaced with the more secure, more robust AES.

FIPS state codes were numeric and two-letter alphabetic codes defined in U.S. Federal Information Processing Standard Publication 5-2 to identify U.S. states and certain other associated areas. The standard superseded FIPS PUB 5-1 on May 28, 1987, and was superseded on September 2, 2008, by ANSI standard INCITS 38:2009.

The Federal Information Processing Standard Publication 6-4 is a five-digit Federal Information Processing Standards code which uniquely identified counties and county equivalents in the United States, certain U.S. possessions, and certain freely associated states.

The Advanced Encryption Standard (AES), the symmetric block cipher ratified as a standard by National Institute of Standards and Technology of the United States (NIST), was chosen using a process lasting from 1997 to 2000 that was markedly more open and transparent than its predecessor, the Data Encryption Standard (DES). This process won praise from the open cryptographic community, and helped to increase confidence in the security of the winning algorithm from those who were suspicious of backdoors in the predecessor, DES.

Articles related to standards include:

The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptographic modules.

SHA-2 is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression function itself built using the Davies–Meyer structure from a specialized block cipher.

Information security standards are techniques generally outlined in published materials that attempt to protect a user's or organization's cyber environment. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

Dual_EC_DRBG is an algorithm that was presented as a cryptographically secure pseudorandom number generator (CSPRNG) using methods in elliptic curve cryptography. Despite wide public criticism, including the public identification of the possibility that the National Security Agency put a backdoor into a recommended implementation, it was, for seven years, one of four CSPRNGs standardized in NIST SP 800-90A as originally published circa June 2006, until it was withdrawn in 2014.

The following outline is provided as an overview of and topical guide to cryptography:

The Federal Information Processing Standard Publication 140-3 is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on March 22, 2019 and it supersedes FIPS 140-2.

Date and time notation in the United States differs from that used in nearly all other countries. It is inherited from one historical branch of conventions from the United Kingdom. American styles of notation have also influenced customs of date notation in Canada, creating confusion in international commerce.

Storage security is a specialty area of security that is concerned with securing data storage systems and ecosystems and the data that resides on these systems.

The IBM 4769 PCIe Cryptographic Coprocessor is a hardware security module (HSM) that includes a secure cryptoprocessor implemented on a high-security, tamper resistant, programmable PCIe board. Specialized cryptographic electronics, microprocessor, memory, and random number generator housed within a tamper-responding environment provide a highly secure subsystem in which data processing and cryptography can be performed. Sensitive key material is never exposed outside the physical secure boundary in a clear format.

References

  1. 1 2 "FIPS General Information". NIST. 2013-09-09. Retrieved 2023-11-17.
  2. "FIPS 197" (PDF).
  3. "FIPS 46-3" (PDF).
  4. "Minimum Security Requirements for Federal Information and Information Systems" (PDF). 2007-03-01. Retrieved 2015-04-01.
  5. "87-20-20 Key Escrow Encryption Policies and Technologies" (PDF). 1998-06-01. Archived from the original (PDF) on 2015-02-14. Retrieved 2015-02-14.
  6. "FIPS-185 Escrowed Encryption Standard" (PDF). 1994-02-01. Retrieved 2015-04-01.
  7. 1 2 National Institute of Standards and Technology (2016-12-15). "Withdrawn FIPS Listed by Number". National Institute of Standards and Technology. Archived (PDF) from the original on 2023-05-06. Retrieved 2023-05-06.
  8. Turner, James M. (2008-09-02). "Announcing Approval of the Withdrawal of Ten Federal Information Processing Standards (FIPS)". NIST . 73. Federal Register: 51276. Retrieved 2017-11-02.
  9. 1 2 "FIPS Code Replacement Chart 2012" (PDF). National Institute of Standards and Technology. 2012-06-28. Archived (PDF) from the original on 2012-05-20. Retrieved 2013-03-06.
  10. 1 2 "American National Standards Institute (ANSI) Codes". United States Census Bureau. February 24, 2010. Retrieved 2010-08-03.
  11. "FIPS 55 Change Notice" (PDF). United States Geological Survey. January 1, 2006. Archived (PDF) from the original on 2006-04-14. Retrieved 2010-08-03.
  12. "Federal Information Processing Standard (FIPS)". United States Census Bureau. Archived from the original on 2014-02-07. Retrieved 2010-08-03.
  13. "2009 TIGER/Line Shapefiles Technical Documentation" (PDF). United States Census Bureau. 2009. Archived (PDF) from the original on 2015-03-06. Retrieved 2010-08-03.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.