LLMpediaThe first transparent, open encyclopedia generated by LLMs

Federal Information Processing Standards

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: South Dakota State Data Center Hop 5
Expansion Funnel Raw 81 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted81
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
Federal Information Processing Standards
NameFederal Information Processing Standards
AbbreviationFIPS
DeveloperNational Institute of Standards and Technology
First published1960s
StatusWithdrawn/Active (varies by publication)
DomainComputer standards, Information security

Federal Information Processing Standards are a set of standards for use in federal computer systems and associated procurement that define data formats, cryptographic modules, identifier codes, and procedural requirements developed for interoperability and security. They have influenced technology adoption across United States Department of Defense, National Security Agency, Library of Congress, Department of Commerce, and state-level agencies such as the California Department of Technology and New York State Office of Information Technology Services. FIPS have intersected with international standards bodies including International Organization for Standardization, Institute of Electrical and Electronics Engineers, and Internet Engineering Task Force.

Overview

FIPS encompass specifications ranging from numeric identifiers like the FIPS 55-3 locality codes to cryptographic standards such as FIPS 140-2 and FIPS 197, addressing requirements for United States Postal Service data interchange, geographic information standards used by the United States Geological Survey, and digital security frameworks applied by the Internal Revenue Service. The standards aim to enable compatibility among systems deployed by agencies like the Department of Homeland Security, Social Security Administration, Federal Bureau of Investigation, and Centers for Medicare & Medicaid Services. FIPS documents often reference technical committees at National Institute of Standards and Technology and align with specifications from World Wide Web Consortium, Telecommunications Industry Association, and American National Standards Institute.

History and Development

Development traces to mid-20th-century initiatives led by the United States Department of Commerce and the National Bureau of Standards to standardize electronic data processing for federal agencies including the General Services Administration and the Office of Management and Budget. Key milestones involved collaboration with cryptographic authorities such as the National Security Agency and academic partners at institutions like Massachusetts Institute of Technology, Stanford University, Carnegie Mellon University, and University of California, Berkeley. Major evolutions included promulgation of standards addressing data interchange for the United States Census Bureau and adoption of encryption standards after public competitions involving vendors like RSA Security and contributions from researchers including Whitfield Diffie, Martin Hellman, and Ron Rivest. International events, procurement reforms influenced by the Paperwork Reduction Act, and technology shifts driven by companies such as IBM, Microsoft, Sun Microsystems, and Apple Inc. shaped revisions and withdrawals.

Standards and Publications

Prominent publications include FIPS 140-2 and FIPS 140-3 for cryptographic module validation, FIPS 197 specifying the Advanced Encryption Standard chosen from submissions including Rijndael by Joan Daemen and Vincent Rijmen, and numeric and geographic series such as FIPS 10-4 and FIPS 55-3. Additional records encompass hashing and integrity guidance tied to FIPS 180-4 (SHA family), identity and authentication guidance used by Federal Identity, Credential, and Access Management programs, and interoperability frameworks for standards referenced by Health Level Seven International and National Association of State Chief Information Officers. Many FIPS interact with protocols standardized at the Internet Engineering Task Force and test suites maintained by Common Criteria partners and commercial labs accredited under National Voluntary Laboratory Accreditation Program.

Implementation and Use

Agencies implement FIPS in procurement, system accreditation, and operational controls across programs such as Federal Information Security Management Act of 2002, Homeland Security Presidential Directive 12, and E-Government Act of 2002 initiatives. Implementation requires coordination with acquisition offices at the General Services Administration and technical validation through labs working with vendors like Cisco Systems, Intel, and Thales Group. FIPS-certified cryptographic modules appear in products from Amazon Web Services, Google Cloud Platform, and Microsoft Azure when used for federal workloads; geographic and demographic codes derived from FIPS have been embedded in datasets produced by the United States Census Bureau, Bureau of Labor Statistics, and Federal Emergency Management Agency for planning and response.

Governance and Maintenance

NIST administers most FIPS with policy guidance from the United States Department of Commerce and oversight from the Office of Management and Budget. Revision processes engage working groups composed of representatives from federal agencies, standards bodies like IEEE Standards Association, industry consortia including the Open Web Application Security Project, and academic stakeholders from Georgia Institute of Technology and University of Maryland. Cryptographic validations rely on coordination with the National Institute of Standards and Technology Cryptographic Module Validation Program and intelligence community inputs from National Security Agency for classified interoperability considerations. Withdrawals or updates—such as transitions from older numeric code systems to ISO 3166—are announced through NIST publications and coordinated with entities including the Federal Geographic Data Committee.

Criticism and Security Concerns

FIPS have faced criticism over procurement lock-in favoring established vendors like Oracle Corporation and SAP SE, delays in updating standards relative to rapid advances in cryptanalysis exemplified by research from Dan Bernstein and Niels Ferguson, and tensions between transparency and classified review as highlighted by debates involving Electronic Frontier Foundation and civil liberties organizations. Security concerns include legacy reliance on deprecated algorithms once approved in FIPS, supply-chain issues raised by incidents involving companies such as SolarWinds, and certification gaps identified by researchers at MITRE and SANS Institute. Calls for greater harmonization with international standards from International Organization for Standardization and faster adoption cycles advocated by entities like Internet Society continue to shape reform proposals.

Category:United States federal standards