Federal Information Processing Standards (FIPS) is a set of standards developed by and for Federal  Information Systems. Similar to the NIST documentation, the FIPS provides the instructions for specific areas within the systems implementation. There are several FIPS standards that apply to the design and implementation of an information system, FIPS 140, FIPS 199, and FIPS 200, FIPS 201. FIPS 140 describes the cryptographic requirements for a module that provides encryption and decryption, or hashing requirements associated with data-in-transit (DIT) and Data At Rest (DAR) information. FIPS 199 is the process used by system implementers to determine the risk associated with a system, such as risk to the nation, organization or the to the individual if integrity, confidentiality, or availability were interrupted or disrupted. The FIPS 200 describes the minimum security requirements for information systems. FIPS 201 describes the use of Personal Identity Verification requirements for federal employees and contractors, originally established in 2013, and updated as of January 2022.. 

Applicability:

  • Federal Information Systems in use by  the government or Federal Contractors
  • Important for encryption applications and protocols for data at rest and data in transit
  • Human resource processes associated with identity proofing and verification of the individual for use in federal information systems
  • Lists of FIPS-validated algorithms are available for various cryptographic functions.

URL: NIST FIPS Publications