Federal Information Processing Standards

Overview
Federal Information Processing Standards (FIPS) are publicly announced standards approved by the Secretary of Commerce and issued by NIST in accordance with FISMA. FIPS are compulsory and binding for federal agencies. FISMA requires that federal agencies comply with these standards, and therefore, agencies may not waive their use.

Many FIPS standards are modified versions of standards used in the wider community (American National Standards Institute (ANSI), Institute of Electrical and Electronics Engineers (IEEE), International Organization for Standardization (ISO), etc.)

FIPS publications
The FIPS publications summarized in the IT Law wiki include:


 * FIPS 140-1: Security Requirements for Cryptographic Modules (Jan. 1994) (full-text).
 * FIPS 140-2: Security Requirements for Cryptographic Modules (May 25, 2001) (full-text).
 * FIPS 180-3: Secure Hash Standard (full-text).
 * FIPS 185: Escrowed Encryption Standard (FIPS 185) (Feb. 9, 1994) (full-text).
 * FIPS 186-3: Digital Signature Standard (DSS) (June 2009) (full-text).
 * FIPS 199: Standards for Security Categorization of Federal Information and Information Systems (Feb. 2004) (full-text).
 * FIPS 200: Minimum Security Requirements for Federal Information and Information Systems (Mar. 9, 2006) (full-text).
 * FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors (Mar. 2006) (full-text).

Standard publications
Some FIPS standards were originally developed by the U.S. government. For instance, standards for encoding data (e.g. country codes), but more significantly some encryption standards, such as the Data Encryption Standard (FIPS 46) and the Advanced Encryption Standard (FIPS 197).