go to NIST home page go to CSRC home page go to Focus Areas page go to Publications page go to Advisories page go to Events page go to Site Map page go to ITL home page CSRC home page link
header image with links

 CSRC Homepage
 CSRC Site Map

   Search CSRC:

 CSD Publications:
   - Draft Publications
   - Special Publications
   - FIPS Pubs
   - ITL Security Bulletins
   - NIST IRs

 CSD Focus Areas:
   - Cryptographic Standards
       & Application
   - Security Testing
   - Security Research /
       Emerging Technologies
   - Security Management
       & Guidance

 General Information:
   - Site Map
   - List of Acronyms
   - Archived Projects
        & Conferences
   - Virus Information
   - ICAT Alerts

 News & Events  
   - Federal News
   - Security Events

 Services For the: 
   - Federal Community
   - Vendor
   - User

 Links & Organizations
   - Academic
   - Government
   - Professional
   - Additional Links

 Search NIST's ICAT
 Vulnerability Archive:
   Enter vendor, software, or keyword

FIPS header image

With the passage of the Federal Information Security Management Act (FISMA) of 2002, there is no longer a statutory provision to allow for agencies to waive mandatory Federal Information Processing Standards (FIPS). The waiver provision had been included in the Computer Security Act of 1987; however, FISMA supercedes that Act. Therefore, the references to the "waiver process" contained in many of the FIPS listed below are no longer operative.

Note, however, that not all FIPS are mandatory; consult the applicability section of each FIPS for details. FIPS do not apply to national security systems (as defined in FISMA).


Listed below are NIST FIPS and associated documents having to do with Computer Security.  Some of these FIPS are not available online, which can be ordered from the link provided below:


There are non-security FIPS available.

Key to different File formats / Extensions and program to use to view documents:
    .pdf  can be viewed by using Adobe Acrobat Reader
    .wp can be viewed by using WordPerfect
    .doc can be viewed by using Microsoft Word
    .ps can be viewed by using Ghostscript or some other postscript program
    .htm(l) are webpages and can be viewed by using a Web browser (such as Netscape or Microsoft Explorer)
    .txt are ASCII text files and can be viewed by using a number of different applications such as a Web browser, a word processor, or Notepad/Wordpad.
FIPS 113 May 1985, Computer Data Authentication
No electronic version available.
FIPS 140-1 Jan. 1994, Security Requirements for Cryptographic Modules
pdf file (283 KB)
FIPS 140-2 May 2001, Security requirements for Cryptographic Modules
pdf file (1.39 MB)
Zipped pdf file (810 KB)
Annex A: Approved Security Functions [PDF]
Annex B: Approved Protection Profiles [PDF]
Annex C: Approved Random Number Generators [PDF]
Annex D: Approved Key Establishment Techniques [PDF]
FIPS 180-2 August 2002, Secure Hash Standard (SHS)
February 2004 -- A change notice for FIPS 180-2 has been attached that specifies SHA-224 and discusses truncation of the hash function output in order to provide interoperability.
1 file format:
pdf file  (237 KB)
FIPS 181 October 1993, Automated Password Generator
Text file  (20.5 KB)
FIPS 185 February 1994, Escrowed Encryption Standard
Text file  (18.7 KB)
FIPS 186-2 January 2000, Digital Signature Standard (DSS)
October 2001 -- A change notice for FIPS 186-2, Digital Signature Standard (DSS) (.pdf file), has been made available that addresses key sizes and random number generation. This change notice replaces the item that was posted on August 3, 2001, Recommendations Regarding Federal Information Processing Standard (FIPS) 186-2, Digital Signature Standard (DSS). Comments and questions for this recommendation are requested and may be addressed to FIPS186@nist.gov.
1 file format:
pdf file (312 KB)
FIPS 188 September 1994, Standard Security Labels for Information Transfer
4 file formats:
Html webpage (63 KB)
pdf file (86.4 KB)
Postscript file  (325 KB)
Text file  (53.1 KB)
FIPS 190 September 1994, Guideline for the Use of Advanced Authentication Technology Alternatives
Text file (161 KB)
FIPS 191 November 1994, Guideline for The Analysis of Local Area Network Security
pdf file  (143 KB)
FIPS 196 February 1997, Entity Authentication Using Public Key Cryptography
2 file formats:
Postscript file  (369 KB)
pdf file  (159 KB)
FIPS 197

November 2001, Advanced Encryption Standard
      Federal Agencies should also see OMB guidance.

2 file formats:
pdf file  (272 KB)
Postscript file (1.96 MB)
FIPS 198

March 2002, The Keyed-Hash Message Authentication Code (HMAC)

pdf file  (173 KB)
This document file was updated on April 8, 2002.
FIPS 199

February 2004, Standards for Security Categorization of Federal Information and Information Systems
      (Note: Original cover date of December 2003 changed to reflect the actual approval date by the Secretary of Commerce.)

pdf file  (60 KB)
FIPS 201 

February 2005, Personal Identity Verification for Federal Employees and Contractors
     UPDATED: June 21, 2005 (document & Errata file)

pdf file  (1,020 KB)
Errata for FIPS 201

 Back to Top of FIPS Page


These FIPS are no longer approved by the Federal Government.
(Click link to see a complete list of ALL withdrawn NIST FIPS PUBS)

FIPS 31 Published June 1974, Guidelines for Automatic Data Processing Physical Security and Risk Management,
withdrawn February 8, 2005.
FIPS 39 Published February 1976, Glossary for Computer Systems Security,
withdrawn April 29, 1993.
FIPS 41 Published May 1975, Computer Security Guidelines for Implementing the Privacy Act of 1974,
withdrawn November 18, 1998.
FIPS 46-3 Published October 1999, Data Encryption Standard (DES); specifies the use of Triple DES,
withdrawn May 19, 2005.
FIPS 48 Published 1977, Guidelines on Evaluation of Techniques for Automated Personal Identification,
withdrawn February 8, 2005.

FIPS 65 Published August 1975, Guidelines for Automatic Data Processing Risk Analysis,
withdrawn August 25, 1995.
FIPS 73 Published June 1980, Guidelines for Security of Computer Applications,
withdrawn February 8, 2005.

FIPS 74 Published April 1981, Guidelines for Implementing and Using the NBS Data Encryption Standard,
(WordPerfect Part 1, WordPerfect Part 2, WordPerfect Part 3)
withdrawn May 19, 2005.
FIPS 81 Published December 1980, DES Modes of Operation,
(change 1 notice), (change 2 notice)
withdrawn May 19, 2005.
FIPS 83 Published September 1980, Guideline on User Authentication Techniques for Computer Network Access Control,
withdrawn February 8, 2005.

FIPS 87 Published March 1981, Guidelines for ADP Contingency Planning,
withdrawn February 8, 2005.

FIPS 88 Published August 1981, Guideline on Integrity Assurance and Control in Database Administration,
withdrawn July 29, 1997.
FIPS 94 Published September 1983, Guideline on Electrical Power for ADP Installations,
withdrawn July 29, 1997.
FIPS 102 Published September 1983, Guidelines for Computer Security Certification and Accreditation,
withdrawn February 8, 2005.

FIPS 112 Published May 1985, Password Usage,
withdrawn February 8, 2005.

FIPS 139 Published August 1983, Interoperability and Security Requirements for Use of the Data Encryption Standard in the Physical Layer of Data Communications,
withdrawn February 25, 2000.
FIPS 141 Published April 1985, Interoperability and Security Requirements for Use of the Data Encryption Standard with CCITT Group 3 Facsimile Equipment,
withdrawn February 25, 2000. 
FIPS 171 Published April 1992, Key Management Using ANSI X9.17,
withdrawn February 8, 2005.


If you have any questions or need more information regarding any of these FIPS, contact Liz Lennon by e-mail: elizabeth.lennon@nist.gov (click e-mail address) or call by phone 301-975-2832.


Last updated: June 21, 2005
Page created: February 23, 2001

Disclaimer Notice & Privacy Policy
Send comments or suggestions to webmaster-csrc@nist.gov
NIST is an Agency of the U.S. Commerce Department's
Technology Administration