FIPS

Transcript of FIPS

https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

Network Security Services - FIPS 140 validation and NISCC testing

The NSS software crypto module has been validated five times (1997, 1999, 2002, 2007, and 2010) for conformance to FIPS 140 at Security Levels 1 and 2. NSS was the first open source cryptographic library to receive FIPS 140 validation. The NSS libraries passed the NISCC TLS/SSL and S/MIME test suites (1.6 million test cases of invalid input data).

Cryptography standards - U.S. Government Federal Information Processing Standards (FIPS)

* FIPS PUB 31 Guidelines for Automatic Data Processing Physical Security and Risk Management 1974
* FIPS PUB 46-3 Data Encryption Standard (DES) 1999
* FIPS PUB 73 Guidelines for Security of Computer Applications 1980
* FIPS PUB 74 Guidelines for Implementing and Using the NBS Data Encryption Standard 1981
* FIPS PUB 81 DES Modes of Operation 1980
* FIPS PUB 102 Guideline for Computer Security Certification and Accreditation 1983
* FIPS PUB 112 Password Usage 1985, defines 10 factors to be considered in access control systems that are based on passwords
* FIPS PUB 113 Computer Data Authentication 1985, specifies a Data Authentication Algorithm (DAA) based on DES, adopted by the Department of Treasury and the banking community to protect electronic fund transfers.
* FIPS PUB 140-2 Security Requirements for Cryptographic Modules 2001, defines four increasing security levels
* FIPS PUB 171 Key Management Using ANSI X9.17 (ANSI X9.17-1985) 1992, based on DES
* FIPS PUB 180-2 Secure Hash Standard (SHS) 2002 defines the SHA family
* FIPS PUB 181 Automated Password Generator (APG) 1993
* FIPS PUB 185 Escrowed Encryption Standard (EES) 1994, a key escrow system that provides for decryption of telecommunications when lawfully authorized.
* FIPS PUB 186-2 Digital Signature Standard (DSS) 2000
* FIPS PUB 190 Guideline for the Use of Advanced Authentication Technology Alternatives 1994
* FIPS PUB 191 Guideline for the Analysis of local area network Security 1994
* FIPS PUB 196 Entity Authentication Using Public Key Cryptography 1997
* FIPS PUB 197 Advanced Encryption Standard (AES) 2001
* FIPS PUB 198 The Keyed-Hash Message Authentication Code (HMAC) 2002

FIPS 140-2

The Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS PUB 140-2)

FIPS 140-2 - Purpose

The National Institute of Standards and Technology (NIST) issued the FIPS 140 Publication Series to coordinate the requirements and standards for cryptography modules that include both hardware and software components.

Federal agencies and departments can validate that the module in use is covered by an existing FIPS 140-1 or FIPS 140-2 certificate that specifies the exact module name, hardware, software, firmware, and/or applet version numbers.

FIPS 140-2 - Security Levels

FIPS 140-2 defines four levels of security, simply named Level 1 to Level 4. It does not specify in detail what level of security is required by any particular application.

FIPS 140-2 - Cryptographic Module Validation Program

FIPS 140-2 establishes the Cryptographic Module Validation Program (CMVP) as a joint effort by the NIST and the Communications Security Establishment (CSE) for the Canadian government.

FIPS 140-2 - FIPS 140-2 testing in this program

The FIPS 140-2 standard is an information technology security accreditation program for cryptographic modules produced by private sector vendors who seek to have their products certified for use in government departments and regulated industries (such as financial and health-care institutions) that collect, store, transfer, share and disseminate sensitive but unclassified (SBU) information.

FIPS 140-2 - Laboratories doing the testing

Cryptographic modules are tested against requirements found in FIPS PUB 140-2, Security Requirements for Cryptographic Modules.

FIPS 140-2 - Validation

NIST maintains validation lists for all of its cryptographic standards testing programs (past and present). All of these lists are updated as new modules/implementations receive validation certificates from NIST and CSE. Items on the FIPS 140-1 and FIPS 140-2 validation list reference validated algorithm implementations that appear on the algorithm validation lists.

FIPS 140-2 - Annexes

* Annex A: [http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf Approved Security Functions] (Draft 01-04-2011)
* Annex B: [http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexb.pdf Approved Protection Profiles] (Draft 06-14-2007)
* Annex C: [http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexc.pdf Approved Random Number Generators] (Draft 11-22-2010)
* Annex D: [http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexd.pdf Approved Key Establishment Techniques] (Draft 01-04-2011)

FIPS 140-2 - Reception

Steven Marquess therefore argues that the FIPS process inadvertently encourages hiding software's origins, to de-associate it from defects since found in the original, while potentially leaving the certified copy vulnerable.

AFIPS

The American Federation of Information Processing Societies (AFIPS) was an umbrella organization of professional societies established on May 10, 1961 and dissolved in 1990. Its mission was to advance knowledge in the field of information science, and to represent its member societies in international forums.

AFIPS - History

AFIPS represented these societies in the International Federation for Information Processing (IFIP), formed a year earlier under the auspices of UNESCO.

In 1962, AFIPS took over sponsorship of the EJCC and WJCC and renamed them the Spring and Fall Joint Computer Conferences. In 1973, the two were merged in the National Computer Conference (NCC), which ran annually until it was discontinued in 1987.

AFIPS also sponsored smaller conferences such as the Office Automation Conference, published the Annals of the History of Computing and other magazines, and presented an annual award -- the Harry Goode Memorial Award -- recognizing outstanding achievement in information processing.

AFIPS was dissolved in 1990. The IEEE Computer Society (IEEE-CS) became the sponsor of the Goode Award, and took over publication of Annals (renamed the IEEE Annals of the History of Computing). The IEEE-CS also joined the ACM to form the Federation on Computing in the United States (FOCUS) in 1991, to take the place of AFIPS as the United States' representative in IFIP. In 1999, IFIP accepted separate membership for both IEEE-CS and ACM, and FOCUS was dissolved.

AFIPS - Structure

The conferences were managed by a conference board, which set the overall direction and policies of the conferences, coordinated the actions of the Conference Steering Committee and the National Computer Conference Committee, and referred problems to appropriate committees such as the finance and executive committees of AFIPS

FIPS place code

Federal Information Processing Standards (FIPS) are publicly announced standardizations developed by the United States federal government for use in computer systems by all non-military government agencies and by government contractors, when properly invoked and tailored on a contract. The purpose of FIPS is to ensure that all federal government and agencies adhere to the same guidelines regarding security and communication.

Many FIPS pronouncements are modified versions of standards used in the technical communities, such as the American National Standards Institute (ANSI), the Institute of Electrical and Electronics Engineers (IEEE), and the International Organization for Standardization (ISO).

FIPS place code - Standard publications

The U.S. government developed many FIPS pronouncements to standardize codes: for instance, standards for encoding data (such as country codes), but more significantly some encryption standards, such as the Data Encryption Standard (FIPS 46-3 [http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf FIPS 46-3]) and the Advanced Encryption Standard (FIPS 197 [http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS 197])

In 1994 NOAA began broadcasting coded signals called FIPS (Federal Information Processing System) codes along with their standard weather-broadcasts from local stations. These codes identify the type of emergency and the specific geographic area, such as a county, affected by the emergency.

FIPS place code - Withdrawal of geographic codes

states (FIPS 5-2), and counties (FIPS 6-4)

FIPS 8-6 Metropolitan Areas and 9-1 Congressional Districts of the U.S

Until then, previously issued FIPS place codes, renamed Census Code, will continue to be used, with the Census bureau assigning new codes as needed for their internal use during the transition.

FIPS 10-4

The FIPS 10-4 standard, Countries, Dependencies, Areas of Special Sovereignty, and Their Principal Administrative Divisions, lists two-letter country codes that are used by the U.S. Government for geographical data processing in many publications, such as the CIA World Factbook. The standard is also known as DAFIF 0413 ed 7 Amdt. No. 3 (November 2003) and as DIA 65-18 (Defense Intelligence Agency, 1994, Geopolitical Data Elements and Related Features).

The FIPS 10-4 codes are similar to (but sometimes incompatible with) the ISO 3166-1 alpha-2 country codes. The standard also includes codes for the top-level subdivision of the countries, similar to but usually incompatible with the ISO 3166-2 standard.

On September 2, 2008, FIPS 10-4 was one of ten standards withdrawn by NIST as a Federal Information Processing Standard [Federal Register, September 2, 2008 (Volume 73, Number 170), page 51276]. The National Geospatial-Intelligence Agency however still maintains the list and publishes regular updates.

List of FIPS country codes

This is a list of FIPS 10-4 country codes for Countries, Dependencies, Areas of Special Sovereignty, and Their Principal Administrative Divisions.

The FIPS standard includes both the codes for independent countries (similar but sometimes incompatible with the ISO 3166-1 alpha-2 standard) and the codes for top-level subdivision of the countries (similar to but usually incompatible with the ISO 3166-2 standard). The ISO 3166 codes are used by the United Nations and for Internet top-level country code domains.

On September 2, 2008, FIPS 10-4 was one of ten standards withdrawn by NIST as a Federal Information Processing Standard. It was replaced in the U.S. Government by the Geopolitical Entities, Names, and Codes (GENC), which is based on ISO 3166.

List of FIPS country codes - Resources

Updates to previous version of the standard (before FIPS-10 was withdrawn in September 2008) are at:

* FIPS PUB 10-4: Federal Information Processing Standard 10-4: [http://earth-info.nga.mil/gns/html/FIPS10-4_match.pdf Countries, Dependencies, Areas of Special Sovereignty, and Their Principal Administrative Divisions], April 1995

Federal Information Processing Standard state code - FIPS state codes

The following table enumerates the FIPS state alpha and numeric codes for the states, the District of Columbia, the outlying areas of the United States, the freely associated states, and trust territory, and FIPS state numeric codes for the individual minor outlying island territories.

Only actual U.S. states and the District of Columbia had FIPS state numeric codes in the range 01 through 56.

FIPS PUB 5-1 (published on June 15, 1970 and superseded by FIPS PUB 5-2 on May 28, 1987) stated that certain numeric codes are reserved for possible future use in identifying American Samoa (03), Canal Zone (07), Guam (14), Puerto Rico (43), and Virgin Islands (52), but these codes were omitted from FIPS PUB 5-2 without comment. These areas are marked with a * and highlighted in red in the table below.

For states, the Status column in the table below includes a link to a list of the counties (boroughs and census areas in Alaska; parishes in Louisiana) for that state including the county codes as defined in FIPS PUB 6-4. The listings of counties for other areas are set out at the end of this article.

FIPS county code

On September 2, 2008, FIPS 6-4 was one of ten standards withdrawn by NIST as a Federal Information Processing Standard [Federal Register, September 2, 2008 (Volume 73, Number 170), page 51276]. FIPS 6-4 was replaced by INCITS 31:2009 [http://www.nist.gov/itl/upload/FIPSCodesReplacementChart2012.pdf FIPS Codes Replacement Chart].

County FIPS codes in the United States are usually (with a few exceptions) in the same sequence as alphabetized county names within the state. They are usually (but not always) odd numbers, so that new or changed county names can be fit in their alphabetical sequence slot.

FIPS 201

FIPS 201 (Federal Information Processing Standard Publication 201) is a United States federal government standard that specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors.

In response to HSPD-12, the NIST Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors for access to Federal facilities and information systems. FIPS 201 was developed to satisfy the technical requirements of HSPD-12, approved by the Secretary of Commerce, and issued on February 25, 2005.

FIPS 201 together with NIST SP 800-78 (Cryptographic Algorithms and Key Sizes for PIV) are required for U.S. Federal Agencies, but do not apply to US National Security systems.

The Government Smart Card Interagency Advisory Board has indicated that to comply with FIPS 201 PIV II, US government agencies should use smart card technology.

FIPS 140

The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptography modules. The current version of the standard is FIPS 140-2, issued on 25 May 2001.

FIPS 140 - Purpose of FIPS 140

FIPS 140 does not purport to provide sufficient conditions to guarantee that a module conforming to its requirements is secure, still less that a system built using such modules is secure.

User agencies desiring to implement cryptographic modules should confirm that the module they are using is covered by an existing validation certificate. FIPS 140-1 and FIPS 140-2 validation certificates specify the exact module name, hardware, software, firmware, and/or applet version numbers. For Levels 2 and higher, the operating platform upon which the validation is applicable is also listed. Vendors do not always maintain their baseline validations.

The Government of Canada also recommends the use of FIPS 140 validated cryptographic modules in unclassified applications of its departments.

FIPS 140 - Security levels

* FIPS 140-2 Level 1, the lowest, imposes very limited requirements; loosely, all components must be production-grade and various egregious kinds of insecurity must be absent.
* FIPS 140-2 Level 2 adds requirements for physical tamper-evidence and role-based authentication.
* FIPS 140-2 Level 3 adds requirements for physical tamper-resistance (making it difficult for attackers to gain access to sensitive information contained in the module) and identity-based authentication, and for a physical or logical separation between the interfaces by which critical security parameters enter and leave the module, and its other interfaces.
* FIPS 140-2 Level 4 makes the physical security requirements more stringent, and requires robustness against environmental attacks.

Thus, a criticism of FIPS 140-2 is that the standard gives a false sense of security at Levels 2 and above because the standard implies that modules will be tamper-evident and/or tamper-resistant, yet modules are permitted to have side channel vulnerabilities that allow simple extraction of keys.

FIPS 140 - Scope of requirements

FIPS 140 imposes requirements in eleven different areas:

FIPS 140 - Brief history

FIPS 140-1, issued on 11 January 1994, was developed by a government and industry working group, composed of vendors and users of cryptographic equipment. The group identified the four security levels and eleven requirement areas listed above, and specified requirements for each area at each level.

FIPS 140-2, issued on 25 May 2001, takes account of changes in available technology and official standards since 1994, and of comments received from the vendor, tester, and user communities. It was the main input document to the international standard ISO/IEC 19790:2006 Security requirements for cryptographic modules issued on 1 March 2006.

FIPS 140-3 is a new version of the standard which is currently under development. In the first draft version of the FIPS 140-3 standard, NIST introduced a new software security section, one additional level of assurance (Level 5) and new Simple Power Analysis (SPA) and Differential Power Analysis (DPA) requirements. The draft issued on 11 Sep 2009, however, reverted to four security levels and limits the security levels of software to levels 1 and 2.

Counties of Pennsylvania - FIPS code

The Federal Information Processing Standard (FIPS) code, used by the United States government to uniquely identify counties, is provided with each entry. FIPS codes are five-digit numbers; for Pennsylvania the codes start with 42 and are completed with the three-digit county code. The FIPS code for each county in the table links to census data for that county.