Federal Information Processing Standards

Last updated

The Federal Information Processing Standards (FIPS) of the United States are a set of publicly announced standards that the National Institute of Standards and Technology (NIST) has developed for use in computer systems of non-military United States government agencies and contractors. [1] FIPS standards establish requirements for ensuring computer security and interoperability, and are intended for cases in which suitable industry standards do not already exist. [1] Many FIPS specifications are modified versions of standards the technical communities use, such as the American National Standards Institute (ANSI), the Institute of Electrical and Electronics Engineers (IEEE), and the International Organization for Standardization (ISO).

Contents

Specific areas of FIPS standardization

The U.S. government has developed various FIPS specifications to standardize a number of topics including:

Data security standards

Some FIPS standards are related to the security of data processing systems. [4] Some of these include the use of key escrow systems. [5] [6]

Withdrawal of geographic codes

Some examples of FIPS Codes for geographical areas include FIPS 10-4 for country codes or region codes and FIPS 5-2 for state codes. These codes were similar to or comparable with, but not the same as, ISO 3166, or the NUTS standard of the European Union. In 2002, the National Institute of Standards and Technology (NIST) withdrew several geographic FIPS code standards, including those for countries (FIPS 10-4), U.S. states (FIPS 5-2), and counties (FIPS 6-4). [7] [8] These are to be replaced by ISO 3166 and INCITS standards 38 and 31, respectively. [9] Some of the codes maintain the previous numerical system, particularly for states. [10]

In 2008, NIST withdrew the FIPS 55-3 database. [7] This database included 5-digit numeric place codes for cities, towns, and villages, or other centers of population in the United States. The codes were assigned alphabetically to places within each state, and as a result changed frequently in order to maintain the alphabetical sorting. NIST replaced these codes with the more permanent GNIS Feature ID, maintained by the U.S. Board on Geographic Names. The GNIS database is the official geographic names repository database for the United States, and is designated the only source of geographic names and locative attributes for use by the agencies of the Federal Government. [11] FIPS 8-6 "Metropolitan Areas" and 9-1 "Congressional Districts of the U.S." were also withdrawn in 2008, to be replaced with INCITS standards 454 and 455, respectively. [9]

The U.S. Census Bureau used FIPS place codes database to identify legal and statistical entities for county subdivisions, places, and American Indian areas, Alaska Native areas, or Hawaiian home lands when they needed to present census data for these areas. [12]

In response to the NIST decision, the Census Bureau is in the process of transitioning over to the GNIS Feature ID, which will be completed after the 2010 Census.[ needs update ] Until then, previously issued FIPS place codes, renamed "Census Code", will continue to be used, with the Census bureau assigning new codes as needed for their internal use during the transition. [10] [13]

See also

Related Research Articles

<span class="mw-page-title-main">Advanced Encryption Standard</span> Standard for the encryption of electronic data

The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

<span class="mw-page-title-main">Data Encryption Standard</span> Early unclassified symmetric-key block cipher

The Data Encryption Standard is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for modern applications, it has been highly influential in the advancement of cryptography.

The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical science laboratory programs that include nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement. From 1901 to 1988, the agency was named the National Bureau of Standards.

<span class="mw-page-title-main">Triple DES</span> Block cipher

In cryptography, Triple DES, officially the Triple Data Encryption Algorithm, is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. The Data Encryption Standard's (DES) 56-bit key is no longer considered adequate in the face of modern cryptanalytic techniques and supercomputing power. A CVE released in 2016, CVE-2016-2183 disclosed a major security vulnerability in DES and 3DES encryption algorithms. This CVE, combined with the inadequate key size of DES and 3DES, led to NIST deprecating DES and 3DES for new applications in 2017, and for all applications by the end of 2023. It has been replaced with the more secure, more robust AES.

FIPS state codes were numeric and two-letter alphabetic codes defined in U.S. Federal Information Processing Standard Publication 5-2 to identify U.S. states and certain other associated areas. The standard superseded FIPS PUB 5-1 on May 28, 1987, and was superseded on September 2, 2008, by ANSI standard INCITS 38:2009.

The Federal Information Processing Standard Publication 6-4 is a five-digit Federal Information Processing Standards code which uniquely identified counties and county equivalents in the United States, certain U.S. possessions, and certain freely associated states.

The Advanced Encryption Standard (AES), the symmetric block cipher ratified as a standard by National Institute of Standards and Technology of the United States (NIST), was chosen using a process lasting from 1997 to 2000 that was markedly more open and transparent than its predecessor, the Data Encryption Standard (DES). This process won praise from the open cryptographic community, and helped to increase confidence in the security of the winning algorithm from those who were suspicious of backdoors in the predecessor, DES.

Articles related to standards include:

<span class="mw-page-title-main">Federal Information Security Management Act of 2002</span> United States federal law

The Federal Information Security Management Act of 2002 is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002. The act recognized the importance of information security to the economic and national security interests of the United States. The act requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.

The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptographic modules.

<span class="mw-page-title-main">FIPS 201</span> US Federal standard

FIPS 201 is a United States federal government standard that specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors.

Information security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

The following outline is provided as an overview of and topical guide to cryptography:

The Federal Information Processing Standard Publication 140-3 is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on March 22, 2019 and it supersedes FIPS 140-2.

Storage security is a specialty area of security that is concerned with securing data storage systems and ecosystems and the data that resides on these systems.

The IBM 4767 PCIe Cryptographic Coprocessor is a hardware security module (HSM) that includes a secure cryptoprocessor implemented on a high-security, tamper resistant, programmable PCIe board. Specialized cryptographic electronics, microprocessor, memory, and random number generator housed within a tamper-responding environment provide a highly secure subsystem in which data processing and cryptography can be performed. Sensitive key material is never exposed outside the physical secure boundary in a clear format.

References

  1. 1 2 "FIPS General Information". NIST. 2013-09-09. Retrieved 2023-11-17.
  2. "FIPS 197" (PDF).
  3. "FIPS 46-3" (PDF).
  4. "Minimum Security Requirements for Federal Information and Information Systems" (PDF). 2007-03-01. Retrieved 2015-04-01.
  5. "87-20-20 Key Escrow Encryption Policies and Technologies" (PDF). 1998-06-01. Retrieved 2015-02-14.
  6. "FIPS-185 Escrowed Encryption Standard" (PDF). 1994-02-01. Retrieved 2015-04-01.
  7. 1 2 National Institute of Standards and Technology (2016-12-15). "Withdrawn FIPS Listed by Number". National Institute of Standards and Technology. Archived (PDF) from the original on 2023-05-06. Retrieved 2023-05-06.
  8. Turner, James M. (2008-09-02). "Announcing Approval of the Withdrawal of Ten Federal Information Processing Standards (FIPS)". NIST . Federal Register. 73: 51276. Retrieved 2017-11-02.
  9. 1 2 "FIPS Code Replacement Chart 2012" (PDF). National Institute of Standards and Technology. 2012-06-28. Archived (PDF) from the original on 2012-05-20. Retrieved 2013-03-06.
  10. 1 2 "American National Standards Institute (ANSI) Codes". United States Census Bureau. February 24, 2010. Retrieved 2010-08-03.
  11. "FIPS 55 Change Notice" (PDF). United States Geological Survey. January 1, 2006. Archived (PDF) from the original on 2006-04-14. Retrieved 2010-08-03.
  12. "Federal Information Processing Standard (FIPS)". United States Census Bureau. Archived from the original on 2014-02-07. Retrieved 2010-08-03.
  13. "2009 TIGER/Line Shapefiles Technical Documentation" (PDF). United States Census Bureau. 2009. Archived (PDF) from the original on 2015-03-06. Retrieved 2010-08-03.