The Federal Information Processing Standards (FIPS) of the United States are a set of publicly announced standards that the National Institute of Standards and Technology (NIST) has developed for use in computer systems of non-military, American government agencies and contractors.FIPS standards establish requirements for ensuring computer security and interoperability, and are intended for cases in which suitable industry standards do not already exist. Many FIPS specifications are modified versions of standards the technical communities use, such as the American National Standards Institute (ANSI), the Institute of Electrical and Electronics Engineers (IEEE), and the International Organization for Standardization (ISO).
The U.S. government has developed various FIPS specifications to standardize a number of topics including:
Some FIPS standards are related to the security of data processing systems.Some of these include the use of key escrow systems.
Some examples of FIPS Codes for geographical areas include FIPS 10-4 for country codes or region codes and FIPS 5-2 for state codes. These codes were similar to or comparable with, but not the same as, ISO 3166, or the NUTS standard of the European Union. In 2002, the National Institute of Standards and Technology (NIST) withdrew several geographic FIPS code standards, including those for countries (FIPS 10-4), U.S. states (FIPS 5-2), and counties (FIPS 6-4).These are to be replaced by ISO 3166 and INCITS standards 38 and 31, respectively. Some of the codes maintain the previous numerical system, particularly for states.
In 2008, NIST withdrew the FIPS 55-3 database.This database included 5-digit numeric place codes for cities, towns, and villages, or other centers of population in the United States. The codes were assigned alphabetically to places within each state, and as a result changed frequently in order to maintain the alphabetical sorting. NIST replaced these codes with the more permanent GNIS Feature ID, maintained by the U.S. Board on Geographic Names. The GNIS database is the official geographic names repository database for the United States, and is designated the only source of geographic names and locative attributes for use by the agencies of the Federal Government. FIPS 8-6 "Metropolitan Areas" and 9-1 "Congressional Districts of the U.S." were also withdrawn in 2008, to be replaced with INCITS standards 454 and 455, respectively.
The U.S. Census Bureau used FIPS place codes database to identify legal and statistical entities for county subdivisions, places, and American Indian areas, Alaska Native areas, or Hawaiian home lands when they needed to present census data for these areas.
In response to the NIST decision, the Census Bureau is in the process of transitioning over to the GNIS Feature ID, which will be completed after the 2010 Census. Until then, previously issued FIPS place codes, renamed "Census Code", will continue to be used, with the Census bureau assigning new codes as needed for their internal use during the transition.
The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
The Data Encryption Standard is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for modern applications, it has been highly influential in the advancement of cryptography.
The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical science laboratory programs that include nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement. From 1901 to 1988, the agency was named the National Bureau of Standards.
In cryptography, Triple DES, officially the Triple Data Encryption Algorithm, is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. The Data Encryption Standard's (DES) 56-bit key is no longer considered adequate in the face of modern cryptanalytic techniques and supercomputing power. A CVE released in 2016, CVE-2016-2183 disclosed a major security vulnerability in DES and 3DES encryption algorithms. This CVE, combined with the inadequate key size of DES and 3DES, NIST has deprecated DES and 3DES for new applications in 2017, and for all applications by the end of 2023. It has been replaced with the more secure, more robust AES.
FIPS state codes were numeric and two-letter alphabetic codes defined in U.S. Federal Information Processing Standard Publication 5-2 to identify U.S. states and certain other associated areas. The standard superseded FIPS PUB 5-1 on May 28, 1987, and was superseded on September 2, 2008, by ANSI standard INCITS 38:2009.
The Federal Information Processing Standard Publication 6-4 is a five-digit Federal Information Processing Standards code which uniquely identified counties and county equivalents in the United States, certain U.S. possessions, and certain freely associated states.
The Advanced Encryption Standard (AES), the symmetric block cipher ratified as a standard by National Institute of Standards and Technology of the United States (NIST), was chosen using a process lasting from 1997 to 2000 that was markedly more open and transparent than its predecessor, the Data Encryption Standard (DES). This process won praise from the open cryptographic community, and helped to increase confidence in the security of the winning algorithm from those who were suspicious of backdoors in the predecessor, DES.
Articles related to standards include:
The Federal Information Processing Standard Publication 140-2,, is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on May 25, 2001, and was last updated December 3, 2002.
The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptography modules.
FIPS 201 is a United States federal government standard that specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors.
IT security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.
Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information.
Dual_EC_DRBG is an algorithm that was presented as a cryptographically secure pseudorandom number generator (CSPRNG) using methods in elliptic curve cryptography. Despite wide public criticism, including the public identification of a backdoor, it was for seven years one of four CSPRNGs standardized in NIST SP 800-90A as originally published circa June 2006, until it was withdrawn in 2014.
The following outline is provided as an overview of and topical guide to cryptography:
The Federal Information Processing Standard Publication 140-3 is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on March 22, 2019 and it supersedes FIPS 140-2.
Storage security is a specialty area of security that is concerned with securing data storage systems and ecosystems and the data that resides on these systems.