|
CSRC
Homepage
CSRC Site Map
Search
CSRC:
CSD
Publications:
- Draft Publications
- Special
Publications
- FIPS Pubs
- ITL Security
Bulletins
- NIST IRs
CSD
Focus Areas:
- Cryptographic Standards
& Application
- Security Testing
- Security Research
/
Emerging
Technologies
- Security Management
&
Guidance
General
Information:
- Site
Map
- List of Acronyms
- Archived
Projects
&
Conferences
- Virus Information
- ICAT Alerts
Search
NIST's ICAT
Vulnerability Archive:
|
|

With the
passage of the Federal
Information Security Management Act (FISMA) of 2002, there
is no longer a statutory provision to allow for agencies to
waive mandatory Federal Information Processing Standards (FIPS).
The waiver provision had been included in the Computer Security
Act of 1987; however, FISMA supercedes that Act. Therefore,
the references to the "waiver process" contained in many of
the FIPS listed below are no longer operative.
Note, however,
that not all FIPS are mandatory; consult the applicability section
of each FIPS for details. FIPS do not apply to national security
systems (as defined in FISMA).
|
Listed below are NIST FIPS and associated
documents having to do with Computer Security. Some of these
FIPS are not available online, which can be ordered from the link
provided below:
HOW
TO ORDER FIPS:
There
are non-security FIPS available.
|
Key to different File formats
/ Extensions and program to use to view documents:
.pdf can be
viewed by using Adobe Acrobat Reader
.wp can be viewed
by using WordPerfect
.doc can be viewed
by using Microsoft Word
.ps can be viewed
by using Ghostscript or some other postscript program
.htm(l) are webpages
and can be viewed by using a Web browser (such as Netscape or Microsoft
Explorer)
.txt are ASCII text
files and can be viewed by using a number of different applications
such as a Web browser, a word processor, or Notepad/Wordpad.
|
FIPS
113 |
May 1985, Computer Data
Authentication
No
electronic version available.
|
FIPS
140-1 |
Jan. 1994, Security
Requirements for Cryptographic Modules
pdf
file (283 KB)
|
FIPS 140-2 |
May 2001,
Security requirements for Cryptographic Modules
pdf
file (1.39 MB)
Zipped pdf file
(810 KB)
Annex A: Approved Security
Functions [PDF]
Annex B: Approved Protection
Profiles [PDF]
Annex C: Approved Random Number
Generators [PDF]
Annex D: Approved Key Establishment
Techniques [PDF]
|
FIPS
180-2 |
August 2002,
Secure Hash Standard (SHS)
February 2004
-- A change notice for FIPS 180-2 has been attached that specifies
SHA-224 and discusses truncation of the hash function output in order
to provide interoperability.
1 file format:
pdf file
(237 KB)
|
FIPS
181 |
October 1993, Automated
Password Generator
Text
file (20.5 KB)
|
FIPS
185 |
February 1994, Escrowed
Encryption Standard
Text
file (18.7 KB)
|
FIPS
186-2 |
January 2000, Digital
Signature Standard (DSS)
October 2001
-- A change
notice for FIPS 186-2, Digital Signature Standard (DSS) (.pdf file),
has been made available that addresses key sizes and random number generation.
This change notice replaces the item that was posted on August 3, 2001,
Recommendations Regarding Federal Information Processing Standard (FIPS)
186-2, Digital Signature Standard (DSS). Comments and questions for
this recommendation are requested and may be addressed to FIPS186@nist.gov.
1 file
format:
pdf file (312
KB)
|
FIPS
188 |
September 1994, Standard
Security Labels for Information Transfer
4 file formats:
Html webpage (63 KB)
pdf file (86.4
KB)
Postscript file
(325 KB)
Text file
(53.1 KB)
|
FIPS
190 |
September 1994, Guideline
for the Use of Advanced Authentication Technology Alternatives
Text
file (161 KB)
|
FIPS
191 |
November 1994, Guideline
for The Analysis of Local Area Network Security
pdf
file (143 KB)
|
FIPS
196 |
February 1997, Entity
Authentication Using Public Key Cryptography
2 file formats:
Postscript file
(369 KB)
pdf file
(159 KB)
|
FIPS
197 |
November 2001, Advanced
Encryption Standard
Federal
Agencies should also see OMB guidance.
2 file formats:
pdf file
(272 KB)
Postscript file
(1.96 MB)
|
FIPS
198 |
March 2002, The Keyed-Hash
Message Authentication Code (HMAC)
pdf
file (173 KB)
This document file was updated on April 8, 2002.
|
FIPS
199 |
February 2004, Standards
for Security Categorization of Federal Information and Information
Systems
(Note: Original
cover date of December 2003 changed to reflect the actual approval
date by the Secretary of Commerce.)
pdf
file (60 KB)
|
FIPS
201 |
February 2005,
Personal Identity Verification for Federal Employees and Contractors
UPDATED: June 21, 2005 (document
& Errata file)
pdf
file (1,020 KB)
Errata
for FIPS 201
|
|
FIPS
31 |
Published
June 1974,
Guidelines for Automatic Data Processing Physical Security and Risk
Management,
withdrawn February 8, 2005.
|
FIPS
39 |
Published
February 1976, Glossary for Computer Systems Security,
withdrawn April 29, 1993.
|
FIPS
41 |
Published
May 1975, Computer Security Guidelines
for Implementing the Privacy Act of 1974,
withdrawn
November 18, 1998.
. |
FIPS
46-3 |
Published October 1999,
Data Encryption Standard (DES);
specifies the use of Triple DES,
withdrawn May 19, 2005.
|
FIPS
48 |
Published
1977,
Guidelines on Evaluation of Techniques for Automated Personal Identification,
withdrawn February 8, 2005.
|
FIPS
65 |
Published
August 1975, Guidelines for Automatic Data Processing Risk
Analysis,
withdrawn August 25, 1995.
|
FIPS
73 |
Published
June 1980, Guidelines for Security of Computer Applications,
withdrawn February 8, 2005.
|
FIPS
74 |
Published April 1981,
Guidelines for Implementing and Using the NBS Data Encryption Standard,
(WordPerfect Part 1, WordPerfect Part
2, WordPerfect Part 3)
withdrawn May 19, 2005.
|
FIPS
81 |
Published
December 1980,
DES
Modes of Operation,
(change 1 notice), (change
2 notice)
withdrawn May 19, 2005.
|
FIPS
83 |
Published
September 1980, Guideline on User Authentication Techniques
for Computer Network Access Control,
withdrawn February 8, 2005.
|
FIPS
87 |
Published
March 1981,
Guidelines for ADP Contingency Planning,
withdrawn February 8, 2005.
|
FIPS
88 |
Published
August 1981, Guideline on Integrity Assurance and Control
in Database Administration,
withdrawn July 29, 1997.
|
FIPS
94 |
Published
September 1983, Guideline on Electrical Power for ADP Installations,
withdrawn July 29, 1997.
|
FIPS
102 |
Published
September 1983, Guidelines for Computer Security Certification
and Accreditation,
withdrawn February 8, 2005.
|
FIPS
112 |
Published
May 1985, Password Usage,
withdrawn February 8, 2005.
|
FIPS
139 |
Published
August 1983, Interoperability
and Security Requirements for Use of the Data Encryption Standard in
the Physical Layer of Data Communications,
withdrawn
February 25, 2000.
|
FIPS
141 |
Published
April 1985,
Interoperability and Security Requirements for Use of the Data Encryption
Standard with CCITT Group 3 Facsimile Equipment,
withdrawn
February 25, 2000.
|
FIPS
171 |
Published
April 1992, Key Management Using ANSI X9.17,
withdrawn February 8, 2005.
|
If you have any questions or need more information regarding any of
these FIPS, contact Liz Lennon by e-mail: elizabeth.lennon@nist.gov
(click e-mail address) or call by phone 301-975-2832.
|
|