Federal Information Processing Standards Publications
|FIPS NO.||TITLE-DATE & BRIEF DESCRIPTION|
Security Requirements for Cryptographic Modules -- 01 May
- This Federal Information Processing Standard (140-2) was recently approved by the Secretary of Commerce. It specifies the security requirements that will be satisfied by a cryptographic module, providing four increasing, qualitative levels intended to cover a wide range of potential applications and environments. The areas covered, related to the secure design and implementation of a cryptographic module, include specification; ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.
Secure Hash Standard (SHS) -- 2008 October
FIPS 180-3 superseded FIPS 180-2 as of October 17, 2008.
Automated Password Generator (APG) -- 93 Oct 05
- Specifies a standard to be used by Federal organizations that require computer-generated pronounceable passwords to authenticate the personal identity of an automated data processing (ADP) system user, and to authorize access to system resources. The standard describes an automated password generation algorithm that randomly creates simple pronounceable syllables as passwords. The password generator accepts input from a random number generator based on the Data Encryption Standard (DES) cryptographic algorithm defined in Federal Information Processing Standard 46-2.
Escrowed Encryption Standard (EES) -- 94 Feb 09
-This non-mandatory standard provides an encryption/decryption algorithm and a Law Enforcement Access Field (LEAF) creation method which may be implemented in electronic devices and may be used at the option of government agencies to protect government telecommunications. The algorithm and the LEAF creation method are classified and are referenced, but not specified, in the standard. Electronic devices implementing this standard may be designed into cryptographic modules which are integrated into data security products and systems for use in data security applications. The LEAF is used in a key escrow system that provides for decryption of telecommunications when access to the telecommunications is lawfully authorized.
Digital Signature Standard (DSS) -- 09 June
- The Standard specifies a suite of algorithms that can be used to generate a digital signature. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature as evidence in demonstrating to a third party that the signature was, in fact, generated by the claimed signatory. This is known as non-repudiation, since the signatory cannot easily repudiate the signature at a later time. This Standard specifies three techniques for the generation and verification of digital signatures: DSA, ECDSA and RSA. This revision increases the length of the keys allowed for DSA, provides additional requirements for the use of ECDSA and RSA, and includes requirements for obtaining assurances necessary for valid digital signatures. This revision supersedes FIPS 186-2 in its entirety.
Standard Security Label for Information Transfer -- 94 Sept 6
-Defines a security label syntax for information exchanged over data networks and provides label encodings for use at the Application and Network Layers. ANSI/TIA/EIA-606-1993
Guideline for the Use of Advanced Authentication Technology Alternatives -- 94 Sept 28
-Describes the primary alternative methods for verifying the identities of computer system users, and provides recommendations to Federal agencies and departments for the acquisition and use of technology which supports these methods.
Guideline for the Analysis of Local Area Network Security -- 94 Nov 9
- Discusses threats and vulnerabilities and considers technical security services and security mechanisms.
Entity Authentication Using Public Key Cryptography -- 1997 Feb
- Specifies two challenge-response protocols by which entities in a computer system may authenticate their identities to one another. These protocols may be used during session initiation, and at any other time that entity authentication is necessary. Depending on which protocol is implemented, either one or both entities involved may be authenticated. The defined protocols are derived from an international standard for entity authentication based on public key cryptography, which uses digital signatures and random number challenges.
|197|| Advanced Encryption Standard (AES), 2001 November 26.
-The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. Encryption converts data to an unintelligible form called ciphertext; decrypting the ciphertext converts the data back into its original form, called plaintext.
|198-1|| The Keyed-Hash Message Authentication Code (HMAC), 2008 July.
-This standard describes a keyed-hash message authentication code (HMAC), a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative Approved cryptographic hash function, in combination with a shared secret key. This revision supersedes FIPS 198.
|199|| Standards for Security Categorization of Federal Information and Information Systems, 2004 February
FIPS 199 addresses one of the requirements specified in the Federal Information Security Management Act (FISMA) of 2002, which requires all federal agencies to develop, document, and implement agency-wide information security programs for the information and information systems that support the operations and the assets of the agency, including those provided or managed by another agency, contractor, or other source. FIPS 199 provides security categorization standards for information and information systems. Security categorization standards make available a common framework and method for expressing security. They promote the effective management and oversight of information security programs, including the coordination of information security efforts throughout the civilian, national security, emergency preparedness, homeland security, and law enforcement communities. Such standards also enable consistent reporting to OMB and Congress on the adequacy and effectiveness of information security policies, procedures, and practices.
|200|| Minimum Security Requirements for Federal Information and Information Systems, 2006 March
FIPS 200 is the second standard that was specified by the Federal Information Security Management Act of 2002 (FISMA). It is an integral part of the risk management framework that NIST has developed to assist federal agencies in providing levels of information security based on levels of risk. FIPS 200 specifies minimum security requirements for federal information and information systems and a risk-based process for selecting the security controls necessary to satisfy the minimum requirements.
Personal Identity Verification for Federal Employees and Contractors, 2006 March