Federal Information Processing Standards

Last updated

The United States' Federal Information Processing Standards (FIPS) are publicly announced standards developed by the National Institute of Standards and Technology for use in computer systems by non-military American government agencies and government contractors. [1]

Contents

FIPS standards are issued to establish requirements for various purposes such as ensuring computer security and interoperability and are intended for cases in which suitable industry standards do not already exist. [1] Many FIPS specifications are modified versions of standards used in the technical communities, such as the American National Standards Institute (ANSI), the Institute of Electrical and Electronics Engineers (IEEE), and the International Organization for Standardization (ISO).

Specific areas of FIPS standardization

The U.S. government has developed various FIPS specifications to standardize a number of topics including:

Data security standards

Some FIPS standards are related to the security of data processing systems. [4] Some of these include the use of key escrow systems. [5] [6]

Withdrawal of geographic codes

Some examples of FIPS Codes for geographical areas include FIPS 10-4 for country codes or region codes and FIPS 5-2 for state codes. These codes were similar to or comparable with, but not the same as, ISO 3166, or the NUTS standard of the European Union. In 2002, the National Institute of Standards and Technology (NIST) withdrew several geographic FIPS code standards, including those for countries (FIPS 10-4), U.S. states (FIPS 5-2), and counties (FIPS 6-4). [7] [8] These are to be replaced by ISO 3166 and INCITS standards 38 and 31, respectively. [9] Some of the codes maintain the previous numerical system, particularly for states. [10]

In 2008, NIST withdrew the FIPS 55-3 database. [7] This database included 5-digit numeric place codes for cities, towns, and villages, or other centers of population in the United States. The codes were assigned alphabetically to places within each state, and as a result changed frequently in order to maintain the alphabetical sorting. NIST replaced these codes with the more permanent GNIS Feature ID, maintained by the U.S. Board on Geographic Names. The GNIS database is the official geographic names repository database for the United States, and is designated the only source of geographic names and locative attributes for use by the agencies of the Federal Government. [11] FIPS 8-6 "Metropolitan Areas" and 9-1 "Congressional Districts of the U.S." were also withdrawn in 2008, to be replaced with INCITS standards 454 and 455, respectively. [9]

The U.S. Census Bureau used FIPS place codes database to identify legal and statistical entities for county subdivisions, places, and American Indian areas, Alaska Native areas, or Hawaiian home lands when they needed to present census data for these areas. [12]

In response to the NIST decision, the Census Bureau is in the process of transitioning over to the GNIS Feature ID, which will be completed after the 2010 Census. Until then, previously issued FIPS place codes, renamed "Census Code," will continue to be used, with the Census bureau assigning new codes as needed for their internal use during the transition. [10] [13]

See also

Related Research Articles

Advanced Encryption Standard Standard for the encryption of electronic data

The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

Data Encryption Standard Early unclassified symmetric-key block cipher

The Data Encryption Standard is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for applications, it has been highly influential in the advancement of cryptography.

The National Institute of Standards and Technology (NIST) is a physical sciences laboratory and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness. NIST's activities are organized into laboratory programs that include nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement. From 1901–1988, the agency was named the National Bureau of Standards.

In cryptography, Triple DES, officially the Triple Data Encryption Algorithm, is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. The Data Encryption Standard's (DES) 56-bit key is no longer considered adequate in the face of modern cryptanalytic techniques and supercomputing power. However, an adapted version of DES, Triple DES (3DES), uses the same algorithm to produce a more secure encryption.

FIPS state codes were numeric and two-letter alphabetic codes defined in U.S. Federal Information Processing Standard Publication 5-2 to identify U.S. states and certain other associated areas. The standard superseded FIPS PUB 5-1 on May 28, 1987, and was superseded on September 2, 2008, by ANSI standard INCITS 38:2009.

The Federal Information Processing Standard Publication 6-4 is a five-digit Federal Information Processing Standards code which uniquely identified counties and county equivalents in the United States, certain U.S. possessions, and certain freely associated states.

The Advanced Encryption Standard (AES), the symmetric block cipher ratified as a standard by National Institute of Standards and Technology of the United States (NIST), was chosen using a process lasting from 1997 to 2000 that was markedly more open and transparent than its predecessor, the Data Encryption Standard (DES). This process won praise from the open cryptographic community, and helped to increase confidence in the security of the winning algorithm from those who were suspicious of backdoors in the predecessor, DES.

Articles related to standards include:

Geographic Names Information System Geographical database

The Geographic Names Information System (GNIS) is a database that contains name and locative information about more than two million physical and cultural features located throughout the United States and its territories. It is a type of gazetteer. GNIS was developed by the United States Geological Survey (USGS) in cooperation with the United States Board on Geographic Names (BGN) to promote the standardization of feature names.

CRYPTREC is the Cryptography Research and Evaluation Committees set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use. It is comparable in many respects to the European Union's NESSIE project and to the Advanced Encryption Standard process run by National Institute of Standards and Technology in the U.S..

The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptography modules.

Cybersecurity standards are techniques generally set forth in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information.

The following outline is provided as an overview of and topical guide to cryptography:

The Federal Information Processing Standard Publication 140-3,, is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on March 22, 2019 and it supersedes FIPS 140-2.

Storage security is a specialty area of security that is concerned with securing data storage systems and ecosystems and the data that resides on these systems.

The IBM 4767 PCIe Cryptographic Coprocessor is a hardware security module (HSM) that includes a secure cryptoprocessor implemented on a high-security, tamper resistant, programmable PCIe board. Specialized cryptographic electronics, microprocessor, memory, and random number generator housed within a tamper-responding environment provide a highly secure subsystem in which data processing and cryptography can be performed. Sensitive key material is never exposed outside the physical secure boundary in a clear format.

References

  1. 1 2 "FIPS General Information". 2013-09-09. Retrieved 2015-04-01.
  2. FIPS 46-3
  3. FIPS 197
  4. "Minimum Security Requirements for Federal Information and Information Systems" (PDF). 2007-03-01. Retrieved 2015-04-01.
  5. "87-20-20 Key Escrow Encryption Policies and Technologies" (PDF). 1998-06-01. Retrieved 2015-02-14.
  6. "FIPS-185 Escrowed Encryption Standard" (PDF). 1994-02-01. Retrieved 2015-04-01.
  7. 1 2 National Institute of Standards and Technology (2012-10-22). "Withdrawn FIPS Listed by Number" (PDF). National Institute of Standards and Technology . Retrieved 2013-03-06.
  8. Turner, James M. (2008-09-02). "Announcing Approval of the Withdrawal of Ten Federal Information Processing Standards (FIPS)". NIST . Federal Register. 73: 51276. Retrieved 2017-11-02.
  9. 1 2 "FIPS Code Replacement Chart 2012" (PDF). National Institute of Standards and Technology. 2012-06-28. Retrieved 2013-03-06.
  10. 1 2 "American National Standards Institute (ANSI) Codes". United States Census Bureau. February 24, 2010. Retrieved 2010-08-03.
  11. "FIPS 55 Change Notice" (PDF). United States Geological Survey. January 1, 2006. Retrieved 2010-08-03.
  12. "Federal Information Processing Standard (FIPS)". United States Census Bureau. Archived from the original on 2014-02-07. Retrieved 2010-08-03.
  13. "2009 TIGER/Line Shapefiles Technical Documentation" (PDF). United States Census Bureau. 2009. Retrieved 2010-08-03.