Skip to content
Home

Federal Information Processing Standards (FIPS)

FIPS are United States government standards, published by NIST, that specify security, interoperability, and technical requirements for non-military federal agencies and contractors.

Federal Information Processing Standards (FIPS) are a set of publicly announced standards intended primarily for use by non‑military agencies of the United States federal government and by contractors who do business with them. They define technical and procedural requirements in areas such as information security, data formats, cryptography, and identity management. FIPS documents are published and maintained by the National Institute of Standards and Technology (NIST) and are widely cited in procurement, compliance, and federal policy.

Scope and purpose

FIPS aim to promote interoperability, consistency, and a minimum level of assurance across federal information systems. Some FIPS are mandatory for executive branch agencies; others serve as authoritative guidance referenced in regulations and contracts. The standards cover both high‑level programmatic topics (for example, how to classify information systems) and detailed technical requirements (for example, approved cryptographic algorithms and module validation criteria).

Relationship to other standards

Many FIPS are adaptations or formalizations of standards already used in the broader technical community. They may incorporate or modify specifications from standards bodies and industry consortia to meet federal needs. Examples of organizations whose work is often referenced or harmonized with FIPS include IEEE and ISO. When differences are required for security, interoperability, or legal reasons, a FIPS can supersede or constrain an otherwise applicable commercial standard for federal use.

Notable examples

  • FIPS 140 series — standards for validating cryptographic modules used to protect sensitive but unclassified information; these specify design, documentation, and testing requirements for hardware and software cryptography.
  • FIPS 197 — specifies the Advanced Encryption Standard (AES) as an approved algorithm for federal use.
  • FIPS 180 series — specifies secure hash algorithms (SHA) used for integrity and digital signatures.
  • FIPS 201 — defines Personal Identity Verification (PIV) requirements for federal smart cards and identity credentials.
  • FIPS 199 — provides a framework for categorizing information and information systems by security impact.

Development, updates, and status

NIST develops FIPS through internal work and public review, often consulting technical experts, federal stakeholders, and industry. A given FIPS can be revised, superseded, or withdrawn; later NIST publications and special publications frequently expand on or implement FIPS requirements. Agencies and vendors must track the current status of a FIPS to determine applicable obligations and testing expectations.

Uses and practical importance

FIPS play a central role in federal acquisition, system accreditation, and compliance assessments. Contractors, product developers, and laboratories rely on FIPS for mandatory requirements and for lab validation programs. While FIPS target federal systems, many private‑sector organizations also adopt FIPS-based controls to meet customer expectations or to align with government partners. FIPS differ from military specifications and from purely voluntary industry standards in their scope, authority, and the processes used to approve and enforce them.

Related articles

Author

AlegsaOnline.com Federal Information Processing Standards (FIPS)

URL: https://en.alegsaonline.com/art/33843

Share