Federal Information Processing Standards

Last updated

The Federal Information Processing Standards (FIPS) of the United States are a set of publicly announced standards that the National Institute of Standards and Technology (NIST) has developed for use in computer systems of non-military, American government agencies and contractors. [1] FIPS standards establish requirements for ensuring computer security and interoperability, and are intended for cases in which suitable industry standards do not already exist. [1] Many FIPS specifications are modified versions of standards the technical communities use, such as the American National Standards Institute (ANSI), the Institute of Electrical and Electronics Engineers (IEEE), and the International Organization for Standardization (ISO).

Contents

Specific areas of FIPS standardization

The U.S. government has developed various FIPS specifications to standardize a number of topics including:

Data security standards

Some FIPS standards are related to the security of data processing systems. [4] Some of these include the use of key escrow systems. [5] [6]

Withdrawal of geographic codes

Some examples of FIPS Codes for geographical areas include FIPS 10-4 for country codes or region codes and FIPS 5-2 for state codes. These codes were similar to or comparable with, but not the same as, ISO 3166, or the NUTS standard of the European Union. In 2002, the National Institute of Standards and Technology (NIST) withdrew several geographic FIPS code standards, including those for countries (FIPS 10-4), U.S. states (FIPS 5-2), and counties (FIPS 6-4). [7] [8] These are to be replaced by ISO 3166 and INCITS standards 38 and 31, respectively. [9] Some of the codes maintain the previous numerical system, particularly for states. [10]

In 2008, NIST withdrew the FIPS 55-3 database. [7] This database included 5-digit numeric place codes for cities, towns, and villages, or other centers of population in the United States. The codes were assigned alphabetically to places within each state, and as a result changed frequently in order to maintain the alphabetical sorting. NIST replaced these codes with the more permanent GNIS Feature ID, maintained by the U.S. Board on Geographic Names. The GNIS database is the official geographic names repository database for the United States, and is designated the only source of geographic names and locative attributes for use by the agencies of the Federal Government. [11] FIPS 8-6 "Metropolitan Areas" and 9-1 "Congressional Districts of the U.S." were also withdrawn in 2008, to be replaced with INCITS standards 454 and 455, respectively. [9]

The U.S. Census Bureau used FIPS place codes database to identify legal and statistical entities for county subdivisions, places, and American Indian areas, Alaska Native areas, or Hawaiian home lands when they needed to present census data for these areas. [12]

In response to the NIST decision, the Census Bureau is in the process of transitioning over to the GNIS Feature ID, which will be completed after the 2010 Census. Until then, previously issued FIPS place codes, renamed "Census Code," will continue to be used, with the Census bureau assigning new codes as needed for their internal use during the transition. [10] [13]

See also

Related Research Articles

Advanced Encryption Standard Standard for the encryption of electronic data

The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

Country code Geographical code for countries

Country codes are short alphabetic or numeric geographical codes (geocodes) developed to represent countries and dependent areas, for use in data processing and communications. Several different systems have been developed to do this. The term country code frequently refers to ISO 3166-1 alpha-2 or international dialing codes, the E.164 country calling codes.

Data Encryption Standard Early unclassified symmetric-key block cipher

The Data Encryption Standard is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for modern applications, it has been highly influential in the advancement of cryptography.

The National Institute of Standards and Technology (NIST) is a physical sciences laboratory and non-regulatory agency of the United States Department of Commerce. Its mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into laboratory programs that include nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement. From 1901 to 1988, the agency was named the National Bureau of Standards.

The U.S. National Security Agency (NSA) ranks cryptographic products or algorithms by a certification called product types. Product types are defined in the National Information Assurance Glossary which defines Type 1, 2, 3, and 4 products.

FIPS state codes were numeric and two-letter alphabetic codes defined in U.S. Federal Information Processing Standard Publication 5-2 to identify U.S. states and certain other associated areas. The standard superseded FIPS PUB 5-1 on May 28, 1987, and was superseded on September 2, 2008, by ANSI standard INCITS 38:2009.

The Federal Information Processing Standard Publication 6-4 is a five-digit Federal Information Processing Standards code which uniquely identified counties and county equivalents in the United States, certain U.S. possessions, and certain freely associated states.

The Advanced Encryption Standard (AES), the symmetric block cipher ratified as a standard by National Institute of Standards and Technology of the United States (NIST), was chosen using a process lasting from 1997 to 2000 that was markedly more open and transparent than its predecessor, the Data Encryption Standard (DES). This process won praise from the open cryptographic community, and helped to increase confidence in the security of the winning algorithm from those who were suspicious of backdoors in the predecessor, DES.

Articles related to standards include:

The FIPS 10-4 standard, Countries, Dependencies, Areas of Special Sovereignty, and Their Principal Administrative Divisions, was a list of two-letter country codes that were used by the U.S. Government for geographical data processing in many publications, such as the CIA World Factbook. The standard was also known as DAFIF 0413 ed 7 Amdt. No. 3 and as DIA 65-18.

The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptography modules.

<span class="mw-page-title-main">IT security standards</span> Technology standards and techniques

IT security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information.

The following outline is provided as an overview of and topical guide to cryptography:

The Federal Information Processing Standard Publication 140-3,, is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on March 22, 2019 and it supersedes FIPS 140-2.

Storage security is a specialty area of security that is concerned with securing data storage systems and ecosystems and the data that resides on these systems.

References

  1. 1 2 "FIPS General Information". 2013-09-09. Retrieved 2015-04-01.
  2. "FIPS 197" (PDF).
  3. "FIPS 46-3" (PDF).
  4. "Minimum Security Requirements for Federal Information and Information Systems" (PDF). 2007-03-01. Retrieved 2015-04-01.
  5. "87-20-20 Key Escrow Encryption Policies and Technologies" (PDF). 1998-06-01. Retrieved 2015-02-14.
  6. "FIPS-185 Escrowed Encryption Standard" (PDF). 1994-02-01. Retrieved 2015-04-01.
  7. 1 2 National Institute of Standards and Technology (2012-10-22). "Withdrawn FIPS Listed by Number" (PDF). National Institute of Standards and Technology . Retrieved 2013-03-06.
  8. Turner, James M. (2008-09-02). "Announcing Approval of the Withdrawal of Ten Federal Information Processing Standards (FIPS)". NIST . Federal Register. 73: 51276. Retrieved 2017-11-02.
  9. 1 2 "FIPS Code Replacement Chart 2012" (PDF). National Institute of Standards and Technology. 2012-06-28. Retrieved 2013-03-06.
  10. 1 2 "American National Standards Institute (ANSI) Codes". United States Census Bureau. February 24, 2010. Retrieved 2010-08-03.
  11. "FIPS 55 Change Notice" (PDF). United States Geological Survey. January 1, 2006. Retrieved 2010-08-03.
  12. "Federal Information Processing Standard (FIPS)". United States Census Bureau. Archived from the original on 2014-02-07. Retrieved 2010-08-03.
  13. "2009 TIGER/Line Shapefiles Technical Documentation" (PDF). United States Census Bureau. 2009. Retrieved 2010-08-03.