Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States federal government for use in computer systems by non-military government agencies and government contractors.
FIPS standards are issued to establish requirements for various purposes such as ensuring computer security and interoperability, and are intended for cases in which suitable industry standards do not already exist. Many FIPS specifications are modified versions of standards used in the technical communities, such as the American National Standards Institute (ANSI), the Institute of Electrical and Electronics Engineers (IEEE), and the International Organization for Standardization (ISO).
The U.S. government has developed various FIPS specifications to standardize a number of topics including:
Some examples of FIPS Codes for geographical areas include FIPS 10-4 for country codes or region codes and FIPS 5-2 for state codes. These codes were similar to or comparable with, but not the same as, ISO 3166, or the NUTS standard of the European Union. In 2002, the National Institute of Standards and Technology (NIST) withdrew several geographic FIPS code standards, including those for countries (FIPS 10-4), U.S. states (FIPS 5-2), and counties (FIPS 6-4). These are to be replaced by ISO 3166 and INCITS standards 38 and 31, respectively. Some of the codes maintain the previous numerical system, particularly for states.
In 2008, NIST withdrew the FIPS 55-3 database. This database included 5-digit numeric place codes for cities, towns, and villages, or other centers of population in the United States. The codes were assigned alphabetically to places within each state, and as a result changed frequently in order to maintain the alphabetical sorting. NIST replaced these codes with the more permanent GNIS Feature ID, maintained by the U.S. Board on Geographic Names. The GNIS database is the official geographic names repository database for the United States, and is designated the only source of geographic names and locative attributes for use by the agencies of the Federal Government. FIPS 8-6 "Metropolitan Areas" and 9-1 "Congressional Districts of the U.S." were also withdrawn in 2008, to be replaced with INCITS standards 454 and 455, respectively.
The U.S. Census Bureau used the FIPS place codes database to identify legal and statistical entities for county subdivisions, places, and American Indian areas, Alaska Native areas, or Hawaiian home lands when they needed to present census data for these areas.
In response to the NIST decision, the Census Bureau is in the process of transitioning over to the GNIS Feature ID, which will be completed after the 2010 Census. Until then, previously issued FIPS place codes, renamed "Census Code," will continue to be used, with the Census Bureau assigning new codes as needed for their internal use during the transition.
An advanced electronic signature (AdES) is an electronic signature that has met the requirements set forth under EU Regulation No 910/2014 (eIDAS-regulation) on electronic identification and trust services for electronic transactions in the internal market.

Country code
Country codes are short alphabetic or numeric geographical codes (geocodes) developed to represent countries and dependent areas, for use in data processing and communications. Several different systems have been developed to do this. The term country code frequently refers to international dialing codes, the E.164 country calling codes.

Cryptography standards
There are a number of standards related to cryptography. Standard algorithms and protocols provide a focus for study; standards for popular applications attract a large amount of cryptanalysis.

FIPS 140
The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptography modules. As of December 2016, the current version of the standard is FIPS 140-2, issued on 25 May 2001.

FIPS 201
FIPS 201 (Federal Information Processing Standard Publication 201) is a United States federal government standard that specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors.
In response to HSPD-12, the NIST Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors for access to Federal facilities and information systems. FIPS 201 was developed to satisfy the technical requirements of HSPD-12, approved by the Secretary of Commerce, and issued on February 25, 2005.
FIPS 201 together with NIST SP 800-78 (Cryptographic Algorithms and Key Sizes for PIV) are required for U.S. Federal Agencies, but do not apply to US National Security systems.
The Government Smart Card Interagency Advisory Board has indicated that to comply with FIPS 201 PIV II, US government agencies should use smart card technology.

FIPS county code
The Federal Information Processing Standard Publication 6-4 (FIPS 6-4) was a five-digit Federal Information Processing Standards code which uniquely identified counties and county equivalents in the United States, certain U.S. possessions, and certain freely associated states.
On September 2, 2008, the US Department of Commerce, following three years of review and comments from "public, research communities, manufacturers, voluntary standards organizations, and Federal, State, and local government organizations", announced that FIPS 6-4 was one of ten FIPS standards withdrawn by the department's National Institute of Standards and Technology (NIST). Deemed "obsolete, or have not been updated to adopt current voluntary industry standards, federal specifications, federal data standards, or current good practices for information security", the NIST replaced FIPS 6-4 with "INCITS 31 – 2009" codes for the "Identification of the States and Equivalent Areas within the United States, Puerto Rico, and the Insular Areas".
The five-digit codes of FIPS 6-4 used the two-digit FIPS state code (FIPS Publication 5-2, also withdrawn on September 2, 2008), followed by the three digits of the county code within the state or possession. County FIPS codes in the United States are usually (with a few exceptions) in the same sequence as alphabetized county names within a state. They are usually (but not always) odd numbers, so that new or changed county names can be fit in their alphabetical sequence slot.
In response to the NIST decision, the U.S. Census Bureau announced that it would replace the FIPS 6-4 codes with the INCITS 31 codes after the 2010 Census, with the Census Bureau assigning new codes as needed for their internal use during the transition. The Census Bureau decided that, based on decades of using the terminology FIPS to describe its codes, it would continue to use the FIPS name for its updated codes, where FIPS now stood for FIP "Specification", since there no longer existed an official FIP "Standard".
FIPS county codes were also used by the Emergency Alert System (EAS) and NOAA Weather Radio (NWR) to define geographic locations for their SAME-based public alerting systems. In this application, a "0" (zero) is added as the first digit and used as a "placeholder", making each FIPS code a six-digit sequence. In the future, the first digit may be utilized in this numerical scheme to represent a predefined county subdivision.

Geographic Names Information System
The Geographic Names Information System (GNIS) is a database that contains name and locative information about more than two million physical and cultural features located throughout the United States of America and its territories. It is a type of gazetteer. GNIS was developed by the United States Geological Survey in cooperation with the United States Board on Geographic Names (BGN) to promote the standardization of feature names.
The database is part of a system that includes topographic map names and bibliographic references. The names of books and historic maps that confirm the feature or place name are cited. Variant names, alternatives to official federal names for a feature, are also recorded. Each feature receives a permanent, unique feature record identifier, sometimes called the GNIS identifier. The database never removes an entry, "except in cases of obvious duplication."

Government Open Systems Interconnection Profile
The Government Open Systems Interconnection Profile (GOSIP) was a specification that profiled open networking products for procurement by governments in the late 1980s and early 1990s.

IDEF0
IDEF0, a compound acronym ("Icam DEFinition for Function Modeling", where ICAM is an acronym for "Integrated Computer Aided Manufacturing"), is a function modeling methodology for describing manufacturing functions, which offers a functional modeling language for the analysis, development, reengineering, and integration of information systems; business processes; or software engineering analysis.
IDEF0 is part of the IDEF family of modeling languages in the field of software engineering, and is built on the functional modeling language Structured Analysis and Design Technique (SADT).

Joan Daemen
Joan Daemen (Dutch pronunciation: [joːˈɑn ˈdaːmə(n)]; born 1965) is a Belgian cryptographer who co-designed the Rijndael cipher with Vincent Rijmen, which was selected as the Advanced Encryption Standard (AES) in 2001. More recently, he co-designed the Keccak cryptographic hash, which was selected as the new SHA-3 hash by NIST in October 2012.
He has also designed or co-designed the MMB, Square, SHARK, NOEKEON, 3-Way, and BaseKing block ciphers. In 2017 he won the Levchin Prize for Real World Cryptography "for the development of AES and SHA3".
In 1988, Daemen graduated in electro-mechanical engineering at the Katholieke Universiteit Leuven. He subsequently joined the COSIC research group, and has worked on the design and cryptanalysis of block ciphers, stream ciphers and cryptographic hash functions. Daemen completed his PhD in 1995, at which point he worked for a year at Janssen Pharmaceutica in Beerse, Belgium. He subsequently worked at the BACOB bank, Banksys, Proton World and then STMicroelectronics. Since 2015 Daemen has been professor at the Radboud University Nijmegen.

List of FIPS region codes
This is a list of FIPS 10-4 region codes, using a standardized name format, and cross-linking to articles. The list is broken up into alphabetical sections.
On September 2, 2008, FIPS 10-4 was one of ten standards withdrawn by NIST as a Federal Information Processing Standard. It is to be replaced by ISO 3166.

Microsoft CryptoAPI
The Microsoft Windows platform-specific Cryptographic Application Programming Interface (also known variously as CryptoAPI, Microsoft Cryptography API, MS-CAPI or simply CAPI) is an application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography. It is a set of dynamically linked libraries that provides an abstraction layer which isolates programmers from the code used to encrypt the data. The Crypto API was first introduced in Windows NT 4.0 and enhanced in subsequent versions.
CryptoAPI supports both public-key and symmetric key cryptography, though persistent symmetric keys are not supported. It includes functionality for encrypting and decrypting data and for authentication using digital certificates. It also includes a cryptographically secure pseudorandom number generator function CryptGenRandom.
CryptoAPI works with a number of CSPs (Cryptographic Service Providers) installed on the machine. CSPs are the modules that do the actual work of encoding and decoding data by performing the cryptographic functions. Vendors of HSMs may supply a CSP which works with their hardware.

Microsoft POSIX subsystem
Microsoft POSIX subsystem is one of four subsystems shipped with the first versions of Windows NT. (The other three being the Win32 subsystem which provided the primary programming API for Windows NT, plus the OS/2 and security subsystems.)
This subsystem implements only the POSIX.1 standard — also known as IEEE Std 1003.1-1990 or ISO/IEC 9945-1:1990 — primarily covering the kernel and C library programming interfaces which allowed a program written for other POSIX.1-compliant operating systems to be compiled and run under Windows NT. The Windows NT POSIX subsystem did not provide the interactive user environment parts of POSIX, originally standardized as POSIX.2. That is, Windows NT did not provide a POSIX shell nor any Unix commands like ls. The NT POSIX subsystem also did not provide any of the POSIX extensions that postdated the creation of Windows NT 3.1, such as those for POSIX Threads or POSIX IPC.
The NT POSIX subsystem was included with the first versions of Windows NT because of 1980s US federal government requirements listed in Federal Information Processing Standard (FIPS) 151-2. Briefly, these documents required that certain types of government purchases be POSIX-compliant, so that if Windows NT had not included this subsystem, computing systems based on it would not have been eligible for some government contracts. Windows NT versions 3.5, 3.51 and 4.0 were certified as compliant with FIPS 151-2.
The runtime environment of the subsystem is provided by two files: psxss.exe and psxdll.dll. A POSIX application uses psxdll.dll to communicate with the subsystem while communicating with posix.exe to provide display capabilities on the Windows desktop.
The POSIX subsystem was replaced in Windows XP / Windows Server 2003 by "Windows Services for UNIX" (SFU), which is based in part on technology Microsoft acquired by buying Interix. SFU was removed from later versions of Windows 8 and Windows Server 2012. SFU is logically (though not formally) replaced by the Windows Subsystem for Linux (WSL) in the Windows 10 Anniversary Update and Windows Server 2016 Version 1709 respectively.

Open Source Software Institute
The Open Source Software Institute is a U.S.-based 501(c)(6), non-profit organization whose mission is to promote the development and implementation of open-source software solutions within US Federal, state and municipal government agencies. OSSI was established in 2015 and has focused on strategic initiatives to promote the adoption of open source within US Department of Defense and Department of Homeland Security.

SHA-2
SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA). They are built using the Merkle–Damgård structure, from a one-way compression function itself built using the Davies–Meyer structure from a (classified) specialized block cipher.
SHA-2 includes significant changes from its predecessor, SHA-1. The SHA-2 family consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256.
SHA-256 and SHA-512 are novel hash functions computed with 32-bit and 64-bit words, respectively. They use different shift amounts and additive constants, but their structures are otherwise virtually identical, differing only in the number of rounds. SHA-224 and SHA-384 are truncated versions of SHA-256 and SHA-512 respectively, computed with different initial values. SHA-512/224 and SHA-512/256 are also truncated versions of SHA-512, but the initial values are generated using the method described in Federal Information Processing Standards (FIPS) PUB 180-4. SHA-2 was published in 2001 by the National Institute of Standards and Technology (NIST) as a U.S. federal standard (FIPS). The SHA-2 family of algorithms are patented in US patent 6829355. The United States has released the patent under a royalty-free license.
Currently, the best public attacks break preimage resistance for 52 out of 64 rounds of SHA-256 or 57 out of 80 rounds of SHA-512, and collision resistance for 46 out of 64 rounds of SHA-256.

SOA Security
Service-oriented architecture (SOA) allows different ways to develop applications by combining services. The main premise of SOA is to erase application boundaries and technology differences. As applications are opened up, how we can combine these services securely becomes an issue. Traditionally, security models have been hardcoded into applications and when capabilities of an application are opened up for use by other applications, the security models built into each application may not be good enough.
Several emerging technologies and standards address different aspects of the problem of security in SOA. Standards such as WS-Security, SAML, WS-Trust, WS-SecureConversation and WS-SecurityPolicy focus on the security and identity management aspects of SOA implementations that use Web services. Technologies such as virtual organization in grid computing, application-oriented networking (AON) and XML gateways are addressing the problem of SOA security in the larger context.
XML gateways are hardware or software based solutions for enforcing identity and security for SOAP, XML, and REST based web services, usually at the network perimeter. An XML gateway is a dedicated application which allows for a more centralized approach to security and identity enforcement, similar to how a protocol firewall is deployed at the perimeter of a network for centralized access control at the connection and port level.
XML Gateway SOA Security features include PKI, Digital Signature, encryption, XML Schema validation, antivirus, and pattern recognition. Regulatory certification for XML gateway security features is provided by Federal Information Processing Standards (FIPS) and United States Department of Defense.

Threat (computer)
In computer security, a threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.
A threat can be either "intentional" (i.e. hacking: an individual cracker or a criminal organization) or "accidental" (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.

Trusted Solaris
Trusted Solaris is a discontinued security-evaluated operating system based on Solaris by Sun Microsystems, featuring a mandatory access control model.