Federal Information Processing Standards Publications
|FIPS NO.||TITLE-DATE & BRIEF DESCRIPTION|
Security Requirements for Cryptographic Modules -- 01 May
- This Federal Information Processing Standard
(140-2) was recently approved by the Secretary of Commerce. It
specifies the security requirements that will be satisfied by
a cryptographic module, providing four increasing, qualitative
levels intended to cover a wide range of potential applications
and environments. The areas covered, related to the secure design
and implementation of a cryptographic module, include specification;
ports and interfaces; roles, services, and authentication; finite
state model; physical security; operational environment; cryptographic
key management; electromagnetic interference/electromagnetic
compatibility (EMI/EMC); self-tests; design assurance; and mitigation
of other attacks.
Secure Hash Standard (SHS) -- 2002 August
FIPS 180-2 superseded FIPS 180-1 as of February 1, 2003.
Automated Password Generator (APG) -- 93 Oct 05
-Specifies a standard to be used by Federal organizations that require computer generated pronounceable passwords to authenticate the personal identity of an automated data processing (ADP) system user, and to authorize access to system resources. The standard describes an automated password generation algorithm that randomly creates simple pronounceable syllables as passwords. The password generator accepts input from a random number generator based on the Data Encryption Standard (DES) cryptographic algorithm defined in Federal Information Processing Standard 46-2.
Escrowed Encryption Standard (EES) -- 94 Feb 09
-This non-mandatory standard provides an encryption/decryption algorithm and a Law Enforcement Access Field (LEAF) creation method which may be implemented in electronic devices and may be used at the option of government agencies to protect government telecommunications. The algorithm and the LEAF creation method are classified and are referenced, but not specified, in the standard. Electronic devices implementing this standard may be designed into cryptographic modules which are integrated into data security products and systems for use in data security applications. The LEAF is used in a key escrow system that provides for decryption of telecommunications when access to the telecommunications is lawfully authorized.
Digital Signature Standard (DSS) -- 00 January 27
- This standard specifies algorithms appropriate for applications requiring a digital, rather than written, signature. A digital signature is represented in a computer as a string of binary digits. A digital signature is computed using a set of rules and a set of parameters such that the identity of the signatory and integrity of the data can be verified. An algorithm provides the capability to generate and verify signatures. Signature generation makes use of a private key to generate a digital signature. Signature verification makes use of a public key which corresponds to, but is not the same as, the private key. Each user possesses a private and public key pair. Private keys are kept secret; public keys may be shared. Anyone can verify the signature of a user by employing that user's public key. Signature generation can be performed only by the possessor of the user's private key. This revision supersedes FIPS 186-1 in its entirety.
Standard Security Label for Information Transfer -- 94 Sept 6
-Defines a security label syntax for information exchanged over data networks and provides label encodings for use at the Application and Network Layers. ANSI/TIA/EIA-606-1993
Guideline for the Use of Advanced Authentication Technology Alternatives
-- 94 Sept 28
-Describes the primary alternative methods for verifying the identities of computer system users, and provides recommendations to Federal agencies and departments for the acquisition and use of technology which supports these methods.
Guideline for the Analysis of Local Area Network Security --
94 Nov 9
- Discusses threats and vulnerabilities and considers technical security services and security mechanisms.
Entity Authentication Using Public Key Cryptography -- 1997 Feb
- Specifies two challenge-response protocols by which entitites in a computer system may authenticate their identities to one another. These protocols may be used during session initiation, and at any other time that entity authentication is necessary. Depending on which protocol is implemented, either one or both entities involved may be authenticated. The defined protocols are derived from an international standard for entity authentication based on public key cryptography, which uses digital signatures and random number challenges.
|197|| Advanced Encryption Standard (AES), 2001 November 26.
-The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. Encryption converts data to an unintelligible form called ciphertext; decrypting the ciphertext converts the data back into its original form, called plaintext.
|198|| The Keyed-Hash Message Authentication Code (HMAC), 2002 March.
-This standard describes a keyed-hash message authentication code (HMAC), a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative Approved cryptographic hash function, in combination with a shared secret key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. The HMAC specification in this standard is a generalization of Internet RFC 2104, HMAC, Keyed-Hashing for Message Authentication, and ANSI X9.71, Keyed Hash Message Authentication Code.
|199|| Standards for Security Categorization of Federal Information
and Information Systems, 2004 February
FIPS 199 addresses one of the requirements specified in the Federal Information Security Management Act (FISMA) of 2002, which requires all federal agencies to develop, document, and implement agency-wide information security programs for the information and information systems that support the operations and the assets of the agency, including those provided or managed by another agency, contractor, or other source. FIPS 199 provides security categorization standards for information and information systems. Security categorization standards make available a common framework and method for expressing security. They promote the effective management and oversight of information security programs, including the coordination of information security efforts throughout the civilian, national security, emergency preparedness, homeland security, and law enforcement communities. Such standards also enable consistent reporting to OMB and Congress on the adequacy and effectiveness of information security policies, procedures, and practices.
|200|| Minimum Security Requirements for Federal Information and Information Systems, 2006 March
FIPS 200 is the second standard that was specified by the Federal Information Security Management Act of 2002 (FISMA). It is an integral part of the risk management framework that NIST has developed to assist federal agencies in providing levels of information security based on levels of risk. FIPS 200 specifies minimum security requirements for federal information and information systems and a risk-based process for selecting the security controls necessary to satisfy the minimum requirements.
Personal Identity Verification
for Federal Employees and Contractors, 2006 March