(Note: Content may not be the most current.)

- What are Federal Information Processing Standards (FIPS)?
- What does FIPS mean for non-government organizations?

What are Federal Information Processing Standards (FIPS)?

FIPS are standards and guidelines for federal computer systems that are developed by the National Institute of Standards and Technology (NIST) in accordance with the Federal Information Security Management Act (FISMA) and approved by the Secretary of Commerce. These standards and guidelines are developed when there are no acceptable industry standards or solutions for a particular government requirement. Although FIPS are developed for use by the federal government, many in the private sector voluntarily use these standards.

The most current FIPS can be found on NIST’s Current FIPS webpage.

- Security Requirements for Cryptographic Modules - 01 May 25 (Supersedes FIPS PUB 140-1, 1994 January 11)
- Advanced Encryption Standard (AES) - 2001 November 26
- Digital Signature Standard (DSS) - 13 July
- Secure Hash Standard (SHS) - 2015 August
- The Keyed-Hash Message Authentication Code (HMAC) - 2008 July
- Standards for Security Categorization of Federal Information and Information Systems - 2004 February
- Minimum Security Requirements for Federal Information and Information Systems - 2006 March
- Personal Identity Verification (PIV) of Federal Employees and Contractors - 2013 August
- SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions - 2015 August

FIPS are not always mandatory for Federal agencies. The applicability section of each FIPS details when the standard is applicable and mandatory. FIPS do not apply to national security systems (as defined in Title III, Information Security, of FISMA). Private sector companies with government contracts must also comply with FISMA, which mandates the use of FIPS. State agencies administering federal programs like unemployment insurance, student loans, Medicare, and Medicaid must comply with FISMA.

The Computer Security Act of 1987 contained a waiver process for FIPS; however, this Act was superseded by FISMA of 2002, which no longer allows this practice. Some FIPS may still contain language referring to the “waiver process,” but this is no longer valid.

What does FIPS mean for non-government organizations?

While FIPS is required for federal government users, the standards are valuable resources for non-government organizations looking to establish strong information security programs.

When industry standards become available the federal government will withdraw a FIPS. Federal government departments and agencies are directed by the National Technology Transfer and Advancement Act of 1995 (P.L. 104-113) to use technical industry standards that are developed by voluntary consensus standards bodies. This eliminates the cost to the government of developing its own standards. In other cases, a FIPS may be withdrawn when a commercial product that implements the standard becomes widely available.

NIST follows rulemaking procedures modeled after those established by the Administrative Procedures Act.

1. The proposed FIPS is announced in the following ways:
   - in the Federal Register for public review and comment.
   - on the electronic pages of the Chief Information Officers Council ( ).
2. The text and associated specifications, if applicable, of the proposed FIPS are posted on the NIST electronic pages.
3. A 30 to 90-day period is provided for review and for submission of comments on the proposed FIPS to NIST.
4. Comments received in response to the Federal Register notice and to the other notices are reviewed by NIST to determine if modifications to the proposed FIPS are needed.
5. A detailed justification document is prepared, analyzing the comments received and explaining whether modifications were made, or explaining why recommended changes were not made.
6. NIST submits the recommended FIPS, the detailed justification document, and recommendations as to whether the standard should be compulsory and binding for Federal government use, to the Secretary of Commerce for approval.
7. A notice announcing approval of the FIPS by the Secretary of Commerce is published in the Federal Register, and on NIST's electronic pages.

A copy of the detailed justification document is filed at NIST and is available for public review.

The NIST Standards Information Center makes every effort to provide accurate and complete information. Various data such as names, telephone numbers, links to websites, etc. We welcome suggestions on how to improve this FAQ and correct errors.