FIPS Overview

  •  
  •  
  •  
  •  

FIPS

FIPS stands for Federal Information Processing Standards.

FIPS are a series of Federal standards documents; many of them describe security methodologies. They dictate how Federal Agencies are to process their data. In the past, a waiver could be obtained for Agencies that had trouble conforming to a FIPS standard – but no more.

This declaration is pasted into the NIST FIPS page:

“With the passage of the Federal Information Security Management Act (FISMA) of 2002, there is no longer a statutory provision to allow for agencies to waive mandatory Federal Information Processing Standards (FIPS). The waiver provision had been included in the Computer Security Act of 1987; however, FISMA supersedes that Act. Therefore, the references to the “waiver process” contained in many of the FIPS are no longer operative.”

Therefore, vendors that sell to the government need to first have their products certified as “FIPS compliant”. Most telecom vendor security hardware such as VPN boxes and encryption devices must be certified as FIPS 140-2 compliant (the previous version was FIPS 140-1). FIPS 140-2 is called “Security Requirements for Cryptographic Modules“.

Standards, Standards, Standards – and Certification

The most crucial certification standards that security products vendors want to pass are CC (Common Criteria – ratings EAL1 through EAL7) and the FIPS 140-2 (Pass or Fail). But there are tons more.

Nevertheless, if you get both CC and FIPS 140-2 compliancy certifications – they can help comply with other requirements such as:

  • NIST Special Publication 800-23.
  • Gramm-Leach-Bliley Act (GLBA)
  • EU Data Protection Directive.
  • EU Electronic Signature Directive.
  • DOCSIS cable modem standard.
  • NSTISSP No.11 DOD 8500.
  • ISO 17799 ISO 15408.
  • ISO 11568 ISO 15782.
  • ASCI33 FISMA
  • NATO standard USPS IBIP.
  • 21 CFR Part 11 DITSCAP.
  • COBIT BITS
  • CAN CAPS
  • HIPPA COPPA
  • E-SIGN GISRA
  • 3-D Secure CISP
  • IDENTRUS CESG
  • DCID 6-3 EMV
  • IEEE P2200 BOSS ANSI X9.66.
  • IEEE P1700 TM OMB A-130.

FIPS documents

Here are the primary FIPS documents with links to the actual documents:

FIPS 31 June 1974, Guidelines for Automatic Data Processing Physical Security and Risk Management.
NOTE: The layout of the electronic version FIPS 31 is not an exact photocopy of the regular original hard-copy.; All text and images are the same in the electronic version as the original hard-copy.; The electronic version takes up more pages.; If you want the original layout of this FIP PUB 31 go to this page to get the information to order a copy.

2 different file formats:
pdf file (1.11 MB)
zipped pdf file (1.02 MB)

FIPS 46-3 October 1999, Data Encryption Standard (DES); specifies the use of Triple DES

pdf file; (178 KB)

FIPS 48 April 1977, Guidelines on Evaluation of Techniques for Automated Personal Identification

No electronic version available.

FIPS 73 June 1980, Guidelines for Security of Computer Applications

pdf file; (350 KB)

FIPS 74 April 1981, Guidelines for Implementing and Using the NBS Data Encryption Standard Part 1 of 3

Word Perfect file; (63.2 KB)

April 1981, Guidelines for Implementing and Using the NBS Data Encryption Standard Part 2 of 3

Word Perfect file; (884 KB)

April 1981, Guidelines for Implementing and Using the NBS Data Encryption Standard Part 3 of 3

Word Perfect file; (546 KB)

FIPS 81 December 1980,
DES Modes of Operation (includes Change Notice 1)

Change Notice 2 [PDF] 1996 May 31
Change Notice 3 [PDF]

FIPS
83
September 1980, Guideline on User Authentication Techniques for Computer Network Access Control

No electronic version available.

FIPS 87 March 1981, Guidelines for ADP Contingency Planning

pdf file; (376 KB)

FIPS
102
September 1983, Guidelines for Computer Security Certification and Accreditation

7 parts:
pdf file; (803 KB)
pdf file; (784 KB)
pdf file; (631 KB)
pdf file; (967 KB)
pdf file; (832 KB)
pdf file; (489 KB)
pdf file; (721 KB)

FIPS 112 May 1985, Password Usage (part 1)

3 file formats:
pdf file (70.4 KB)
Postscript file; (276 KB)
Word Perfect file; (98.5 KB)

Password Usage (part 2)

3 file formats:
pdf file (66.3 KB)
Postscript file; (791 KB)
Word Perfect file; (96 KB)

FIPS 113 May 1985, Computer Data Authentication

No electronic version available.

FIPS 140-1 Jan. 1994, Security Requirements for Cryptographic Modules

2 file formats:
pdf file (283 KB)
html Web page; (136 KB)

FIPS 140-2 June 2001, Security requirements for Cryptographic Modules

pdf file (1.39 MB)
Zipped pdf file (810 KB)
Annex A: Approved Security Functions [PDF] Annex B: Approved Protection Profiles [PDF] Annex C: Approved Random Number Generators [PDF] Annex D: Approved Key Establishment Techniques [PDF]

FIPS 171 April 1992, Key Management Using ANSI X9.17

Text file; (74.9 KB)

FIPS 180-2 August 2002, Secure Hash Standard (SHS)

February 2004 — A change notice for FIPS 180-2 has been attached that specifies SHA-224 and discusses truncation of the hash function output in order to provide interoperability.
1 file format:
pdf file; (237 KB)

FIPS 181 October 1993, Automated Password Generator

Text file; (20.5 KB)

FIPS 185 February 1994, Escrowed Encryption Standard

Text file; (18.7 KB)

FIPS 186-2 January 2000, Digital Signature Standard (DSS)
October 2001
A change notice for FIPS 186-2, Digital Signature Standard (DSS) (.pdf file), has been made available that addresses key sizes and random number generation. This change notice replaces the item that was posted on August
3, 2001, Recommendations Regarding Federal Information Processing Standard (FIPS) 186-2, Digital Signature Standard (DSS). Comments and questions for this recommendation are requested and may be addressed to [email protected].

1 file format:
pdf file;(312 KB)

FIPS 188 September 1994, Standard Security Labels for Information Transfer

4 file formats:
Html webpage (63 KB)
pdf file (86.4 KB)
Postscript file; (325 KB)
Text file; (53.1 KB)

FIPS 190 September 1994, Guideline for the Use of Advanced Authentication Technology Alternatives

Text file (161 KB)

FIPS 191 November 1994, Guideline for The Analysis of Local Area Network Security

pdf file; (143 KB)

FIPS 196 February 1997, Entity Authentication Using Public Key Cryptography

2 file formats:
Postscript file; (369 KB)
pdf file; (159 KB)

FIPS 197

November 2001, Advanced Encryption Standard
Federal Agencies should also see OMB guidance.

2 file formats:
pdf file; (272 KB)
Postscript file (1.96 MB)

FIPS 198

March 2002, The Keyed-Hash Message Authentication Code (HMAC)

pdf file; (173 KB)
This document file was updated on April 8, 2002.

FIPS 199

February 2004, Standards for Security Categorization of Federal Information and Information Systems

pdf file; (60 KB)

Key References

  • “Information Technology Laboratory | NIST”. Accessed February 19, 2021. Link.
  • “Search | CSRC”. Accessed February 19, 2021. Link.

  •  
  •  
  •  
  •  

LEAVE A REPLY

Please enter your comment!
Please enter your name here