|
Note: Other FIPS PUBS not identified herein, may apply.
|
FIPS LISTED BY CATEGORIES
Last Date Created: 1998
Last Update: August 22, 2000
These entries include title, publication number, date of issue and a short abstract for each FIPS. Associated voluntary industry standards are indicated where appropriate and suggested solicitation wording is included where available. FIPS are listed by FIPS number within the following categories and subcategories.
Hardware and Software
Standards/Guidelines (HS)
Database
Electronic Data
Interchange
Information Interchange
Modeling Techniques
Data
Standards/Guidelines (DATA)
Representations and Codes
Computer
Security Standards/Guidelines (CS)
Access Control
Cryptography
General Computer Security
Risk Analysis and
Contingency Planning
Security Labels
Federal
Telecommunications Standards (FED-STDS)
These Federal
Telecommunications Standards (FED-STDS) were developed by the National
Communications System under a delegation of authority by the General Services
Administration, and were approved by GSA. These standards are included here to
assist Federal agencies.
FIPS publication list by
FIPS numbers
FIPS
PUBLICATION SERIES
HARDWARE
AND SOFTWARE STANDARDS AND GUIDELINES
Database
FIPSPUB127-2
DATABASE
LANGUAGE SQL, 1993 June 2.
Purpose:
FIPS 127-2 adopts American National Standard ANSI X3.135-1992 Database Language
SQL which defines the syntactic and semantic rules for database definition and
data manipulation in a relational model database management system.
Applicability:FIPS
127-2 Database Language SQL is suited for use by applications that employ the
relational data model.
Solicitation
Wording: Acquisition of Database Language SQL Processors
SQL
language processors offered as a result of the requirements of which this is a
part shall conform to the requirements in FIPS 127-2 Database Language. SQL.
These processors shall implement (1) all of the required language elements of
FIPS 127-2 not previously covered by a waiver, (2) all of the FIPS 127-2
options specified elsewhere in this requirements document, as well as, (3) all
default options required by Section 16 of FIPS 127-2, Special Procurement
Considerations. These processors shall also implement any additional language elements
specified elsewhere in this document [insert reference].
Solicitation
Wording:Development or Acquisition of Application Programs. When computer
application programs are developed or acquired as a result of the requirements
of which this is apart, and one of the FIPS programming languages is specified
elsewhere, in the requirements document [insert reference here], only the
language elements of that FIPS, as well as any additional language elements as
specified elsewhere in this document [insert reference] shall be used.
Electronic Data Interchange
FIPSPUB161-2
ELECTRONIC
DATA INTERCHANGE (EDI), 1996 May 22.
Purpose:
FIPS 161-2 adopts, with specific conditions, the families of EDI standards
known as X12, UN/EDIFACT and HL7 developed by national and international
standards developing organi zations. FIPS 161-2 does not mandate the
implementation of EDI systems within the Federal government, but requires the
use of the identified families of standards when Federal agencies and
organizations implement EDI systems.
Applicability:
This standard is applicable to the interchange of data between Federal agencies
or organizations if the data are to be transmitted electronically, and if X12,
UN/EDIFACT or HL7 standard messages meeting the data requirements of the
agencies or organizations for the subject of the interchange have been
developed and approved under the conditions set forth in FIPS 161-2.
Solicitation
Wording: Electronic Data Interchange systems offered as a result of the
requirements of which this is a part shall conform to the requirements
specified in FIPS 161-2.
Information Interchange
FIPSPUB
173-1
SPATIAL
DATA TRANSFER STANDARD (SDTS), 1994 June 10.
Purpose:Provides
specifications for the organization and structure of digital spatial data
transfer, definition of spatial features and attributes, data transfer encoding
and a topological vector profile (TVP). The purpose of this standard is to
promote and facilitate the transfer of digital spatial data between dissimilar
computer systems.
Applicability:For
use in the acquisition and development of Government applications and pro grams
involving the transfer of digital spatial data between dissimilar computer
systems, when the transfer of digital spatial data occurs or is likely to occur
within and/or outside of the Federal government. The use does not apply to the
transfer of digital geocoded data files which are not intended to represent
spatial entities as digital geographic or cartographic features, and is not
intended to facilitate product distribution of spatial data in a form designed
for direct access by applications software specific to a particular data
structure, class of computer platform, or distribution media.
Solicitation
Wording:Acquisition of Spatial Data Transfer Systems
When
computer application programs or systems are developed or acquired as a result
of the requirements of which this is a part and when the transfer of spatial
data is required between compatible as well as non-compatible systems, the
developed application or acquired system shall comply with the specifications
defined in FIPS 173-1.
FIPS
PUB 192
APPLICATION
PROFILE FOR THE GOVERNMENT INFORMATION LOCATOR SERVICE (GILS), 1994 June 10.
Purpose:
This standard describes an application profile for the Government Information
Locator Service (GILS). This application profile is based primarily on the
American National Standard for Information Retrieval Application Service
Definition and Protocol Specifica- tion for Open Systems Interconnection
(ANSI/NISO Z39.50-1992), developed by the National Information Standards Organization
(NISO). The Government Information Locator Service (GILS) is a decentralized
collection of servers and associated information services that will be used by
the public either directly or through intermediaries to find public information
throughout the Federal government.
FIPSPUB192-1(pt
a) and FIPSPUB192-1(pt.b)
APPLICATION
PROFILE FOR THE GOVERNMENT INFORMATION LOCATOR SERVICE (GILS), 1997 August 1.
Purpose:
Describes the United States Federal government use of the international
application profile for the GILS, also known as the Global Information Locator
Service. The GILS Profile is based parimarily on ISO 23950, presently
equivalent to the ANSI/NISO Z39.50-1995/Version 2. GILS is a decentralized
collection of servers and associated information services that will be used by
the public either directly or through intermediaries to find public information
throughout the Federal government.
Applicability:
Recommended for use in the development and establishment of information
locators, and required in the development and use of information locators
pursuant to the require ments of OMB Bulletin 95-01 and other applicable law,
regulation and policy. The GILS Core requirements apply to those GILS locator
records which:
·
describe
information resources maintained by the Federal government;
·
comply
with the defined GILS Core Elements;
·
are
mutually accessible through interconnected electronic network facilities
without charge to the direct user; and
·
are
designated by the agency to be part of the Federal government GILS Core,
pursuant to OMB Bulletin 95-01.
Solicitation
Wording: All GILS systems and servers offered as a result of this requirement
shall comply with FIPS 192-1.
Return to Table of Contents
Modeling
Techniques
FIPSPUB183
INTEGRATION
DEFINITION FOR FUNCTION MODELING (IDEFO), 1993 December 21.
Purpose:Describes
the IDEF0 modeling language (semantics and syntax), and associated rules and
techniques, for developing structured graphical representations of a system or
enterprise. Use of this standard permits the construction of models comprising
system functions (activities, actions, processes, operations), functional
relationships, and data (information or objects) that support systems
integration.
Applicability:This
standard is applicable when system or enterprise modeling techniques are
applied to projects requiring IDEFO as the modeling technique and to the
development of software tools implementing IDEFO modeling techniques. The use
of this standard is strongly recommended for projects that require a modeling
technique for the analysis, development, re-engineering, integra tion, or
acquisition of information systems; or that incorporate a systems or enterprise
modeling technique into a business process analysis or software engineering
methodology.
Solicitation
Wording:Integration Definition for Function Modeling Technique
Software,
systems or services offered as a result of this requirement for the Integration
Defini tion Language 0 (IDEFO) modeling technique shall conform to FIPS 183,
Integration Definition for Function Modeling (IDEFO).
FIPSPUB184
INTEGRATION
DEFINITION FOR INFORMATION MODELING (IDEF1X), 1993 December 21.
Purpose:Describes
the IDEF1X modeling language (semantics and syntax), and associated rules and
techniques, for developing a logical model of data. IDEF1X is used to produce a
graphical information model which represents the structure and semantics of
information within an environment or system. Use of this standard permits the
construction of semantic data models which may serve to support the management
of data as a resource, the integration of information systems, and the building
of computer databases.
Applicability:The
use of this standard is strongly recommended for projects requiring a standard
means of defining and analyzing the data resources within an organization. The
specifications of this standard are applicable when the IDEF1X data modeling
technique is required; to development of automated software tools to implement
IDEF1X modeling technique is required.
Solicitation
Wording:Integration Definition for Information Modeling Technique
Software,
systems or services offered as a result of this requirement for the Integration
Defini tion language 1X (IDEF1X) modeling technique shall conform to FIPS 184,
Integration Definition for Information Modeling (IDEF1X).
Return to the Table of Contents.
DATA STANDARDS AND
GUIDELINES
Representations and Codes
FIPSPUB4-2
REPRESENTATION
OF CALENDAR DATE FOR INFORMATION INTERCHANGE, 1998 November 15.
Purpose:
This standard provides a means of representing calendar date to facilitate
interchange of data among information systems. This standard adopts American
National Standard ANSI X3.30-1997: Representation of Date for Information
Interchange (revision of ANSI X3.30-1985 (R1991)). This standard reinforces the
Federal Government’s commitment to use data format standards that will
facilitate a smooth transition of systems in the year 2000. This standard is
being issued to preclude any confusion about the use of date format standards
within the Federal Government, and to carry out the objectives of the President’s
Council on Year 2000 Conversion.
Applicability:
This Data Standard is made available for data interchange among executive
departments and independent agencies, and for Federal data interchange with the
non-Federal sector including industry, State, local, and other governments, and
the public at large.
FIPS 4-2 supersedes FIPS
PUB 4-1, dated January 27, 1988, and updates the standard for representing
calendar date and implements the Federal Government's commitment to use
four-digit year elements (e.g., 1999, 2000, etc.) in its information technology
systems.
FIPSPUB5-2
CODES
FOR THE IDENTIFICATION OF THE STATES, THE DISTRICT OF COLUMBIA AND THE OUTLYING
AREAS OF THE UNITED STATES, AND ASSOCIATED AREAS, 1987 May 28.
Purpose:
Provides a set of two-digit numeric codes and a set of two-letter alphabetic
codes for representing the 50 states, the District of Columbia and the outlying
areas of the U.S., and associ ated areas such as the Federated States of
Micronesia and Marshall Islands, and the trust territory of Palau.
Applicability:
Systems requiring the interchange of data among Federal users and internal data
systems where such use contributes to operational benefits, efficiency and
economy.
Solicitation
Wording: Interchange of Machine Processable Data
All
application programs resulting from this requirement that have been identified
as those that will be interchanged, or that will record data that will be
interchanged with Federal agencies, State and local governments, industry, and
the public must implement FIPS 5-2 if the provisions of FIPS 5-2 apply to the
data being interchanged.
FIPSPUB6-4
COUNTIES
AND EQUIVALENT ENTITIES OF THE UNITED STATES, ITS POSSESSIONS, AND ASSOCIATED
AREAS, 1990 August 31.
Purpose:Provides
the names and three-digit codes that represent the counties and statistically
equivalent entities of the 50 States, the District of Columbia, and the
possessions and associated areas of the United States, for use in the
interchange of formatted machine-sensible data. Imple ments ANSI X3.31-1988.
Applicability:Systems
requiring the interchange of data among Federal ADP users and internal data
systems where such use contributes to operational benefits, efficiency and
economy.
Solicitation
Wording:Interchange of Machine Processable Data
All
application programs resulting from this requirement that have been identified
as those that will be interchanged, or that will record data that will be
interchanged with Federal agencies, State and local governments, industry, and
the public must implement FIPS 6-4 if the provisions of FIPS 6-4 apply to the
data being interchanged.
FIPSPUB 8-6
METROPOLITAN
AREAS (INCLUDING MSAs, CMSAs, PMSAs, AND NECMAs), 1995 March(reflects technical
changes through July 1, 1994).
Purpose:
Provides a four-digit numeric code for each Metropolitan Area (MAs) in the U.S.
and Puerto Rico, including units called Metropolitan Statistical Areas (MSAs),
Consolidated Metropoli tan Statistical Areas (CMSAs), and Primary Metropolitan
Statistical Areas (PMSAs), and related units called New England County
Metropolitan Areas (NECMAs). The general concept underlying MAs is that of a
core area containing a large population nucleus together with adjacent communities
having a high degree of economic and social integration with that core.
Applicability:
Systems requiring the interchange of data among Federal ADP users and internal
data systems where such use contributes to operational benefits, efficiency and
economy.
Solicitation
Wording: Interchange of Machine Processable Data
All
application programs resulting from this requirement that have been identified
as those that will be interchanged, or that will record data that will be
interchanged with Federal agencies, State and local governments, industry, and
the public must implement FIPS 8-6 if the provisions of FIPS 8-6 apply to the
data being interchanged.
FIPSPUB9-1
CONGRESSIONAL
DISTRICTS OF THE UNITED STATES, 1990 November 30.
Purpose:Provides
the structure of numeric codes for representing congressional districts and
similar areas defined for the various Congresses of the United States.
Applicability:
Systems requiring the interchange of data among Federal ADP users and internal
data systems where such use contributes to operational benefits, efficiency and
economy.
Solicitation
Wording: Interchange of Machine Processable Data
All
application programs resulting from this requirement that have been identified
as those that will be interchanged or that will record data that will be
interchanged with Federal agencies, State and local governments, industry, and
the public must implement FIPS 9-1 if the provisions of FIPS 9-1 apply to the
data being interchanged.
FIPSPUB10-4
COUNTRIES,
DEPENDENCIES, AREAS OF SPECIAL SOVEREIGNTY, AND THEIR PRINCIPAL ADMINISTRATIVE
DIVISIONS, 1995 April(reflects technical changes through May 6, 1993).
Purpose:
Provides a list of the basic geopolitical entities in the world, together with
the principal administrative divisions that comprise each entity. Each basic
geopolitical entity is represented by a two-character, alphabetic country code.
Each principal administrative division is identified by a four-character code
consisting of the two-character country code followed by a two-character
administrative division code. These codes are intended for use in activities
associated with the mission of the Department of State and in National defense
programs.
Applicability:
Systems requiring the interchange of data among Federal ADP users and internal
data systems where such use contributes to operational benefits, efficiency and
economy.
Solicitation
Wording: Interchange of Machine Processable Data
All
application programs resulting from this requirement that have been identified
as those that will be interchanged, or that will record data that will be
interchanged with Federal agencies, State and local governments, industry, and
the public must implement FIPS 10-4 if the provisions of FIPS 10-4 apply to the
data being interchanged.
NOTE: Change notices for FIPS 10-4 are issued by the National Imagery and
Mapping Agency (NIMA), and are available on NIMA's GEOnet Names Server (GNS)
at: http://164.214.2.59/gns/html/fips/fips_files.html
FIPSPUB55-DC3
~ 1998 version.
GUIDELINE:CODES
FOR NAMED POPULATED PLACES, PRIMARY COUNTY DIVISIONS, DC3 AND OTHER LOCATIONAL
ENTITIES OF THE UNITED STATES, PUERTO RICO, AND THE OUTLYING AREAS, 1994
December 28.
Purpose:
Provides a two-character State code and five-character numeric place code to
uniquely identify each listed entity. An exhaustive list is carried of
incorporated places, census designated places, primary county divisions,
recognized Indian reservations and Alaska Native villages, and counties. For
the data files, request the fifth printed version (hard copy) or the tenth
update tape. Implements ANSI X3.47-1993.
FIPSPUB55-3
GUIDELINE:
CODES FOR NAMED POPULATED PLACES, PRIMARY COUNTY DIVISIONS, AND OTHER
LOCATIONAL ENTITIES OF THE UNITED STATES, PUERTO RICO, AND THE OUTLYING AREAS,
1994 December 28. Same as FIPS PUB 55-DC3; (DOCUMENTATION ONLY).
FIPSPUB66
STANDARD
INDUSTRIAL CLASSIFICATION (SIC) CODES, 1979 August 15.
Purpose:The
Standard Industrial Classification (SIC) Manual for 1987 issued by the Office
of Management and Budget in the Executive Office of the President should be
used as the source of classifications, short titles, and codes for representing
industries as prescribed by FIPS PUB 66.
Applicability: Systems requiring the interchange of data among Federal ADP
users and internal data systems where such use contributes to operational
benefits, efficiency and economy.
Solicitation
Wording:Interchange of Machine Processable Data
All
application programs resulting from this requirement that have been identified
as those that will be interchanged, or that will record data that will be
interchanged with Federal agencies, State and local governments, industry, and
the public must implement FIPS 66 if the provisions of FIPS 66 apply to the
data being interchanged.
NOTE: 6/99 - The U.S. Standard Industrial Classification (SIC) system is being
replaced by the North American Industry Classification System (NAICS). NAICS is
available on the Bureau of Census Web pages: http://www.census.gov/epcd/www/naics.html.
FIPSPUB92
GUIDELINE
FOR STANDARD OCCUPATIONAL CLASSIFICATION (SOC) CODES, 1983 February 24.
Purpose:Adopts
a code set developed by the Office of Management and Budget to identify types
of occupational activities. The classification system includes all occupations
in which work is performed for pay or profit.
FIPS 95-2 HTML Version Coming Soon
CODES
FOR THE IDENTIFICATION OF FEDERAL AND FEDERALLY ASSISTED ORGANIZATIONS, 1999
April 15.
Purpose:
Specifies a four-character identifier for Federal Government Legislative,
Judicial and Executive Branch agencies, and for Federal-State, interstate and
international organizations that receive budgetary support. Also includes
government-sponsored enterprises and some Federally aided organizations.
Applicability:
Systems requiring the interchange of data among Federal ADP users and internal
data systems where such use contributes to operational benefits, efficiency and
economy.
Solicitation
Wording: Interchange of Machine Processable Data
All application
programs resulting from this requirement that have been identified as those
that will be interchanged, or that will record data that will be interchanged
with Federal agencies, State and local governments, industry, and the public
must implement FIPS 95-2 if the provisions of FIPS 95-2 apply to the data being
interchanged.
Return to the Table of Contents.
COMPUTER SECURITY
STANDARDS AND GUIDELINES
Access Control
FIPSPUB48
GUIDELINES ON EVALUATION OF TECHNIQUES FOR
AUTOMATED PERSONAL IDENTI FICATION, 1977 April 1.
Purpose:Discusses the performance of personal
identification devices, how to evaluate them, and considerations for their use
within the context of computer system security.
FIPSPUB83
GUIDELINE ON USER AUTHENTICATION TECHNIQUES
FOR COMPUTER NETWORK ACCESS CONTROL, 1980 September 29.
Purpose:Provides guidance in the selection
and implementation of techniques for authenticating the users of remote
terminals in order to safeguard against unauthorized access to computers and
computer networks.
FIPSPUB112
PASSWORD
USAGE, 1985 May 30.
Purpose:Defines
10 factors to be considered in the design, implementation and use of access
control systems that are based on passwords. It specifies minimum security
criteria for such systems and provides guidance for selecting additional
security criteria for password systems which must meet higher security
requirements.
Applicability:The
standard applies to all Federal departments and agencies determining a need for
using passwords for authenticating users of an ADP system, or for authorizing
access to data in the system. The standard provides a common foundation for
password systems and specifies basic security criteria for the use of such
systems.
Solicitation
Wording:Computer Systems Password Usage
If
a requirement is set forth elsewhere in this requirements document for the use
of passwords to authenticate users of an ADP System or to authorize access to
data in the System, the systems, equipment, and/or services provided to satisfy
that requirement must be in conformance with FIPS 112.
FIPSPUB190
GUIDELINE
FOR THE USE OF ADVANCED AUTHENTICATION TECHNOLOGY ALTERNATIVES, 1994 September
28.
Purpose:
Describes the primary alternative methods for verifying the identities of
computer sys tem users, and provides recommendations to Federal agencies and
departments for the acquisition and use of technology which supports these
methods.
FIPSPUB 196
ENTITY
AUTHENTICATION USING PUBLIC KEY CRYPTOGRAPHY, 1997 February 18.
Purpose:Specifies
two challenge-response protocols by which entitites in a computer system may
authenticate their identities to one another. These protocols may be used
during session initia tion, and at any other time that entity authentication is
necessary. Depending on which protocol is implemented, either one or both
entities involved may be authenticated. The defined protocols are derived from
an international standard for entity authentication based on public key
cryptography, which uses digital signatures and random number challenges.
Applicability:Applicable
to all Federal departments and agencies that use public key based au
thentication systems to protect unclassified information within computer and
digital telecommunica tions systems to protect unclassified information within
computer and digital telecommunications systems that are not subject to Section
2315 of Title 10, U.S. Code, or Section 3502(2) of Title 44, U.S. Code. This
standard is for use in the designing, acquisition and implementation of public
key based, challenge-response authentication systems at the application layer
within computer and digital telecommunications systems. May be used at other
layers within computer and digital telecommunications systems.
Solicitation
Wording:No wording available.
Cryptography
FIPSPUB46-3
DATA
ENCRYPTION STANDARD (DES), 1999 October 25.
Purpose:
The selective application of technological and related procedural safeguards is
an important responsibility of every Federal organization in providing adequate
security to its electronic data systems. This publication specifies two
cryptographic algorithms, the Data Encryption Standard (DES) and the Triple
Data Encryption Algorithm (TDEA), which may be used by Federal organizations to
protect sensitive data. Protection of data during transmission or while in
storage may be necessary to maintain the confidentiality and integrity of the
information represented by the data. The algorithms uniquely define the
mathematical steps required to tranform data into a cryptographic cipher and
also to transform the cipher back to the original form. The Data Encryption Standard
is being made available for use by Federal agencies within the context of a
total security program consisting of physical security procedures, good
information management practices, and computer system/network access controls.
This revision supersedes FIPS 46-2 in its entirety.
FIPSPUB74
GUIDELINES
FOR IMPLEMENTING AND USING THE NBS DATA ENCRYPTION STANDARD, 1981 April 1.
Purpose:Provides
guidance for the use of cryptographic techniques when such techniques are
required to protect sensitive or valuable computer data. For use in conjunction
with FIPS PUB 81.
FIPSPUB81
DES
MODES OF OPERATION -- 1980 December 2.
Purpose: This
standard provides specifications of the recommended modes of operation but does
not specify the necessary and sufficient conditions for their secure
implementation in a particular application. This standard specifies the
numbering of data bits, how the bits are encrypted and decrypted, and the data
paths and the data processing necessary for encrypting and decrypting data or
messages.
FIPSPUB113
COMPUTER
DATA AUTHENTICATION, 1985 May 30.
Purpose:Specifies
a Data Authentication Algorithm (DAA) which, when applied to computer data,
automatically and accurately detects unauthorized modifications, both
intentional and acciden tal. Based on FIPS PUB 46, this standard is compatible
with requirements adopted by the Department of Treasury and the banking
community to protect electronic fund transfer transactions.
Applicability:FIPS
113 shall be used by Federal organizations whenever a determination is made
that cryptographic authentication is needed for the detection of intentional
modifications of data, unless the data is classified according to the National
Security Act of 1947 or the Atomic Energy Act of 1954. Equipments approved for
the cryptographic authentication of classified data may be used in lieu of
equipments meeting this standard.
Solicitation
Wording:Computer Data Authentication
If
a requirement is set forth elsewhere in this requirements document that
cryptographic authentication is required for the detection of unauthorized
modification of data and that data is not classified according to the National
Security Act of 1947, as amended, the systems, equipment and/or services
provided to satisfy this requirement must be in compliance with FIPS 113.
If,
as a result of the requirements set forth elsewhere in this requirements
document, a separate capability is offered to provide cryptographic
authentication for the detection of unauthorized modification of data
classified according to the National Security Act of 1947, as amended, or the
Atomic Energy Act of 1954, as amended, and this separate capability is also to
be used for the detection of unauthorized modification of unclassified data,
the systems, equipment, and/or services provided to satisfy that requirement
must perform as comprehensively as those specified in FIPS 113.
FIPSPUB140-1
SECURITY
REQUIREMENTS FOR CRYPTOGRAPHIC MODULES, 1994 January 11.
Purpose:Provides
the security requirements that are to be satisfied by a cryptographic module
implemented within a security system and provides four increasing, qualitative
levels of security intended to cover a wide range of potential applications and
environments. The security require ments cover basic design and documentation, module
interfaces, authorized roles and services, physical security, software
security, operating system security, key management, cryptographic algorithms,
electromagnetic interference/electromagnetic compatibility (EMI/EMC), and
self-testing.
Applicability:To
all Federal agencies that use cryptographic-based security systems to protect
unclassified information within computer and telecommunication systems
(including voice systems) that are not subject to Section 2315 of Title 10,
U.S. Code, or Section 3502(2) of Title 44, U.S. Code. This standard shall be
used in designing, acquiring and implementing cryptographic-based security
systems within computer and telecommunication systems (including voice
systems), operated by a Federal agency or by a contractor of a Federal agency
or other organization that processes information (using a computer or
telecommunications system) on behalf of the Federal government to accomplish a
Federal function.
Solicitation
Wording:Cryptographic Modules
All
hardware, software, firmware, or any combination thereof, offered to protect
unclassified information within computer and telecommunication systems
(including voice systems), shall con form to FIPS 140-1, Security Requirements
for Cryptographic Modules, and implement an overall security level of [insert
required security level from FIPS 140-1]. The offered module(s) shall also
implement the following security levels: [insert the required security level
for each specific FIPS 140-1 requirement(s), e.g., software security, operating
system security, module interfaces].
FIPSPUB171
KEY
MANAGEMENT USING ANSI X9.17, 1992 April 27.
Purpose:Specifies
a particular selection of options for the automated distribution of keying mate
rial by the Federal Government when using the protocols of ANSI X9.17-1985.
ANSI X9.17-1985 defines procedures for the manual and automated management of
keying materials and utilizes the Data Encryption Standard to provide key
management for a variety of operational environments.
Applicability:This
standard shall be used by Federal agencies when designing, acquiring, imple
menting and managing keying material using the manual and automated procedures
of ANSI X9.17.
Solicitation
Wording:Acquisition of Cryptographic Key Management Systems
If
key management using the protocols of ANSI X9.17 is specified in this
requirement, all key management systems offered as a result of this requirement
shall comply with the specifications of FIPS 171.
FIPSPUB180-1
SECURE
HASH STANDARD (SHS), 1995 April 17.
Purpose:To
specify a Secure Hash Algorithm to be used by both the transmitter and intended
receiver of a message in computing and verifying a digital signature.
Applicability:This
standard is applicable to all Federal agencies for the protection of
unclassified information that is not subject to Section 2315 of Title 10,
United States Code. This standard is required for use with the Digital
Signature Algorithm (DSA) and whenever a secure hash algorithm is required for
Federal applications.
Solicitation
Wording:Secure Hash Algorithm (SHA)
Equipment
or software offered as the result of this requirement must comply with FIPS 180
1. The SHA is required for use with [specify either `the Digital Signature
Algorithm as specified in The Digital Signature Standard' or other applications
which require a secure hash algorithm]. The SHA may be implemented in software,
firmware, hardware, or any combination thereof.
FIPSPUB181
AUTOMATED
PASSWORD GENERATOR (APG), 1993 October 5.
Purpose:Specifies
a standard to be used by Federal organizations that require computer gener ated
pronounceable passwords to authenticate the personal identity of an automated
data processing (ADP) system user, and to authorize access to system resources.
The standard describes an automated password generation algorithm that randomly
creates simple pronounceable syllables as passwords. The password generator
accepts input from a random number generator based on the Data Encryption
Standard (DES) cryptographic algorithm defined in Federal Information
Processing Standard 46-2.
Applicability:To
the development of procurement or design specifications for implementing an
automatic password generation algorithm within a computer system. It shall be
used by all Federal agencies when there is a requirement for computer generated
pronounceable passwords for authenti cating users of computer systems or for
authorizing access to resources in those systems.
Solicitation
Wording:Automated Password Generator
All
automated password generators offered as a result of this requirement shall
conform to FIPS 181 and be used in conjunction with FIPS 112.
FIPSPUB185
ESCROWED
ENCRYPTION STANDARD (EES), 1994 February 9.
Purpose:This
non-mandatory standard provides an encryption/decryption algorithm and a Law
Enforcement Access Field (LEAF) creation method which may be implemented in
electronic devices and may be used at the option of government agencies to
protect government telecommunications. The algorithm and the LEAF creation
method are classified and are referenced, but not specified, in the standard.
Electronic devices implementing this standard may be designed into
cryptographic modules which are integrated into data security products and
systems for use in data security applications. The LEAF is used in a key escrow
system that provides for decryption of telecommunications when access to the
telecommunications is lawfully authorized.
FIPSPUB186-2
DIGITAL
SIGNATURE STANDARD (DSS), 2000 January 27.
Purpose:
This standard specifies algorithms appropriate for applications requiring a
digital, rather than written, signature. A digital signature is represented in
a computer as a string of binary digits. A digital signature is computed using
a set of rules and a set of parameters such that the identity of the signatory
and integrity of the data can be verified. An algorithm provides the capability
to generate and verify signatures. Signature generation makes use of a private
key to generate a digital signature. Signature verification makes use of a
public key which corresponds to, but is not the same as, the private key. Each
user possesses a private and public key pair. Public keys are never shared.
Anyone can verify the signature of a user by employing that user's public key.
Signature generation can be performed only by the possessor of the user's
private key. This revision supersedes FIPS 186-1 in its entirety.
General
Computer Security
FIPSPUB31
GUIDELINES
FOR AUTOMATIC DATA PROCESSING PHYSICAL SECURITY AND RISK MANAGEMENT, 1974 June.
Purpose:Provides
guidance to Federal organizations in developing physical security and risk
management programs for their ADP facilities. Can be used as a checklist for
planning and evaluating security of computer systems.
FIPSPUB73
GUIDELINES
FOR SECURITY OF COMPUTER APPLICATIONS, 1980 June 30.
Purpose:Describes
the different security objectives for a computer application, explains the
control measures that can be used, and identifies the decisions that should be
made at each stage in the lifecycle of a sensitive computer application. For
use in planning, developing and operating computer systems which require
protection.
FIPSPUB81
DES
MODES OF OPERATION, 1980 December 2
Purpose: This standard provides specifications of the recommended modes of
operation but does not specify the necessary and sufficient conditions for
their secure implementation in a particular application. This standard
specifies the numbering of data bits, how the bits are encrypted and decrypted,
and the data paths and the data processing necessary for encrypting and
decrypting data or messages.
FIPSPUB102
GUIDELINE
FOR COMPUTER SECURITY CERTIFICATION AND ACCREDITATION, 1983 September 27.
Purpose:Describes
how to establish and how to carry out a certification and accreditation pro
gram for computer security. Certification consists of a technical evaluation of
a sensitive system to see how well it meets its security requirements.
Accreditation is the official management authorization for the operation of the
system and is based on the certification process.
Risk Analysis
and Contingency Planning
FIPSPUB87
GUIDELINES
FOR ADP CONTINGENCY PLANNING, 1981 March 27.
Purpose:Describes
what should be considered when developing a contingency plan for an ADP
facility. Provides a suggested structure and format which may be used as a
starting point from which to design a plan to fit each specific operation.
FIPSPUB191
GUIDELINE
FOR THE ANALYSIS OF LOCAL AREA NETWORK SECURITY, 1994 November 9.
Purpose:Discusses
threats and vulnerabilities and considers technical security services and
security mechanisms.
Security Labels
FIPSPUB188
STANDARD
SECURITY LABEL FOR INFORMATION TRANSFER, 1994 September 6.
Purpose:Defines
a security label syntax for information exchanged over data networks and
provides label encodings for use at the Application and Network Layers.
Applicability:This
standard applies to U.S. Government communications systems required by agency
security policy to label sensitive but unclassified data when exchanged over
data networks.
Proposed
Solicitation Wording:Development or Acquisition of Security Label Products and
Systems
All
security-enhanced computer communications products and systems implementing or
using security labels shall conform with the specifications of FIPS 188.
Return to the Table of Contents.
FEDERAL
TELECOMMUNICATIONS STANDARDS (FED-STDS)*
(*These Federal Telecommunications Standards (FED-STDS) were
developed by the National Communications System (NCS) and were approved by
GSA.)
FED-STD 1002A
TIME AND FREQUENCY REFERENCE INFORMATION IN
TELECOMMUNICATIONS SYSTEMS, 1991 September 3.
Purpose:FED-STD 1002A establishes the
requirements for telecommunications facilities and systems of the Federal
government to utilize time and frequency reference information based upon
coordinated universal time (UTC).
Applicability:Telecommunications facilities
and systems dependent on time or frequency reference information.
Solicitation Wording:Time and Frequency
Reference
All applicable telecommunications facilities
and systems that are offered or used as a result of this requirement shall be
referenced to the time and frequency standard specified in FED-STD 1002A.
FED-STD 1016
TELECOMMUNICATIONS: ANALOG TO DIGITAL
CONVERSION OF RADIO VOICE BY 4,800 BIT/SECOND CODE EXCITED LINEAR PREDICTION
(CELP), 1991 February 14.
Purpose:FED-STD 1016 specifies
interoperability-related requirements for the conversion of analog voice to a
4,800 bit/second digitized form for digital radio transmission by Code Excited
Linear Prediction (CELP) method.
Applicability:This standard shall be used by
all Federal departments and agencies in the design and procurement of all radio
equipment systems and applications wherein voice transmission must be digitized
prior to encryption.
Solicitation Wording:Acquisition and
development of digitized voice equipment using 4,800 bit/second Code Excited
Linear Prediction (CELP)
All applicable equipment or applications
offered as a result of this requirement for the conversion of analog voice to a
4,800 bit/second digitized form for digital radio transmission by Code Excited
Linear Prediction (CELP) method must comply with the requirements specified in
FED-STD 1016.
FED-STD 1023
TELECOMMUNICATIONS: INTEROPERABILITY
REQUIREMENTS FOR ENCRYPTED, DIGITIZED VOICE UTILIZED WITH 25 KHZ CHANNEL FM
RADIOS OPERATING ABOVE 30 MHZ, 1989 September 25.
Purpose:FED-STD 1023 describes
interoperability-related requirements for the conversion of analog voice to
digital form, its encryption and related synchronization and subsequent
frequency modulation.
Applicability:Used in the design and
procurement of digitized voiced Type I encryption equipment for use with
nominal 25 kHz channel FM radio systems that operate above 30 MHz.
Solicitation Wording:Acquisition and
Development of Digitized Voice Type I Encryption Equipment for Use With FM
Radio System
All applicable equipment or services
resulting from this requirement that are employed for digitized voice Type I
encryption for use of frequency Modulation radio systems must comply with the
requirements specified in FED-STD 1023.
FED-STD 1035A
TELECOMMUNICATIONS:CODING MODULATIONS AND
TRANSMISSION REQUIREMENTS FOR SINGLE CHANNEL MEDIUM AND HIGH FREQUENCY
RADIOTELEGRAPH SYSTEMS USED IN GOVERNMENT MARITIME MOBILE TELECOMMUNICATIONS,
1991 May 10.
Purpose:FED-STD 1035A established minium
requirements for single channel, narrowband, medium and high frequency
radiotelegraph to facilitate the interoperability of maritime mobile
telecommunications facilities.
Applicability:This standard shall be used by
all Federal departments and agencies in the design and procurement of maritime
mobile and radiotelegraph systems for medium and high frequency operation.
Solicitation Wording:Acquisition of Maritime
Mobile Telecommunications
All applicable equipment or services
resulting from this requirement that are employed for the operation of maritime
mobile radiotelegraph systems using single channel, narrow band, medium and
high frequency transmissions must comply with FED-STD 1035A.
FED-STD 1037B
TELECOMMUNICATIONS:GLOSSARY OF TELECOMMUNICATIONS TERMS, 1991 June 3.
Purpose:FED-STD 1037B provides Federal
departments and agencies a comprehensive source of definitions of terms used in
telecommunications and directly related fields by international, national, and
U.S. Government telecommunications specialist.
Applicability:Federal departments and
agencies shall use this glossary in defining terms used in specifications for
telecommunications systems, equipment, and services.
Solicitation Wording:No wording available.
FED-STD 1045A
TELECOMMUNICATIONS:HF RADIO AUTOMATIC LINK
ESTABLISHMENT, 1993 October 18.
Purpose:FED-STD 1045 establishes the
technical requirements to ensure interoperability of new long-haul radio
equipment in the medium frequency (MF) band and the high frequency (HF) band.
Applicability:Used in the design and
procurement of medium frequency and high frequency radio systems employing
automatic link establishment (ALE)
Solicitation Wording:Acquisition of MF/HF
Radio with Automatic Link Establishment
All applicable medium frequency and high
frequency telecommunications systems employing automatic link establishment
must comply with the requirements set forth in FED-STD 1045.
FED-STD 1046/1
TELECOMMUNICATIONS:HF RADIO AUTOMATIC NETWORKING SECTION 1; BASIC NETWORKINGALE
CONTROLLER, 1993 October 18.
Purpose: Establishes technical parameters, in
the form of mandatory standards and optional design objectives that are
considered necessary to ensure interoperability of new long-haul and tactical
radio equipment in the HF band.
Applicability:This standard shall be used by
all Federal agencies in the planning, design, and procurement, including lease
and purchase, of all new data communications systems that utilize the HF
Automatic Link Establishment (ALE) radio media for networking purposes.
Solicitation Language:Automatic Link
Establishment Network Controller
All equipment, software or systems offered as
a result of this requirement for a network controller for radio systems
employing automatic link establishment shall comply with FED-STD 1046, Section
1.
FED-STD 1049/1
TELECOMMUNICATIONS: HF RADIO AUTOMATIC LINK
ESTABLISHMENT IN STRESSED ENVIRONMENTS, SECTION 1: LINKING PROTECTION, 1993
July 26.
Purpose:To improve the Federal acquisition
process by providing Federal agencies a com prehensive, authoritative source of
definitions of terms and link protection parameters, and to prevent the
establishment of unauthorized HF radio links or the unauthorized manipulation
of legitimate HF radio automatic link establishment (ALE).
Applicability:All Federal agencies shall use
this standard in the design and acquisition of ALE automated radio equipment
requiring operation in stressed environments.
Solicitation Wording:Linking Protection in
Stressed Environments for HF Radio Automatic Link Establishment
All equipment and services offered as the
result of this requirement shall comply with FED-STD 1049/1 and FED-STD 1045.
|
NIST is an agency of the |