Federal Information Processing Standards (FIPS)
Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States federal government for use in computer systems by non-military government agencies and government contractors. These standards are issued by the National Institute of Standards and Technology (NIST) after approval by the Secretary of Commerce pursuant to the Federal Information Security Management Act (FISMA) of 2002.
History and Purpose
The FIPS program was established in 1968 by President Lyndon B. Johnson through the Bureau of the Budget (now the Office of Management and Budget, or OMB). It was created in response to the need for interoperability among federal computing systems, which were becoming increasingly diverse as computing technology developed rapidly during the 1960s.
The primary purposes of FIPS are:
- To ensure that federal agencies and contractors use consistent and secure information processing methods.
- To achieve compatibility among data processing systems and equipment.
- To promote efficient and effective use of government information resources.
- To protect sensitive but unclassified information within government computer systems.
Development Process
The development of a FIPS standard involves several steps:
- Need Identification: A need for a standard is identified by a government agency or through a public-private partnership.
- Proposal: NIST drafts a proposal for the new standard.
- Public Comment: The proposed standard is published for public review and comments, often for a period of 60 days.
- Revision: Based on the feedback, NIST revises the draft.
- Approval: The revised standard is then sent to the Secretary of Commerce for approval.
- Publication: Once approved, the standard is published in the Federal Register and becomes mandatory for federal use.
Types of FIPS
FIPS cover a wide range of topics including:
- Data Encryption Standard (FIPS 46-3) - An older standard for encrypting electronic data.
- Advanced Encryption Standard (FIPS 197) - Current encryption standard used for securing sensitive data.
- Secure Hash Algorithm (SHA) series (e.g., SHA-1, SHA-2, SHA-3) for creating hash values from data.
- Standards for encoding and representing data, like ASCII (FIPS 1-2) and Unicode.
- Biometric standards for identification purposes.
- Guidelines for computer security, including FIPS 140 which specifies security requirements for cryptographic modules.
Impact and Compliance
Compliance with FIPS is mandatory for all federal agencies, which often extends to contractors and vendors providing IT services or products to the government. This requirement ensures that all systems interacting with federal networks are secure and interoperable. Non-compliance can lead to the inability to secure contracts or to connect with government systems.