Federal Information Processing Standards(fips)

04 October 2022 - 3 mins read time
Tags: Technology

The Federal Information Security Management Act (FISMA), created by the National Institute of Standards and Technology (NIST) and approved by the secretary of commerce, established FIPS as standards and directives for federal computer systems. The least secure of the four security levels offered by FIPS 140-2 is Level 1, while the safest is Level 4.

Level 1’s criteria are the simplest. It needs manufacturing-specific hardware and at least one tried-and-true encryption method. When there are federal data security standards, FIPS 140-2 is widely employed in many state and local government organizations and non-governmental industries, including manufacturing, healthcare, and financial services.

FIPS 180 must, similarly, be used by all federal departments and agencies to safeguard critical unclassified data and software. Other cryptographic techniques, such as random number generators or keyed-hash message authentication codes, can be used in conjunction with secure hash algorithms.

FIPS codes for states and counties under the federal information processing system

Geographical areas are uniquely identified by FIPS codes, which are integers. FIPS codes have a different number of digits depending on the level of geography. The typical FIPS validation procedure can take up to 16 months to complete before a certificate is issued.

Phases of validation

Tests are currently being conducted on the implementation once the CMT lab receives the evidence and module.

• The hardware-based yubikey FIPS Series authentication solution satisfies compliance requirements for solid authentication while providing improved protection against phishing attacks and account takeovers. FIPS 140-2 has certified this set of security keys. (Overall Level 2, Level 3 Physical Security).

• All parts of a security system, including hardware and software, must be examined and authorized by one of the NIST-accredited independent laboratories listed below to become FIPS 140-2 validated or certified: Contemporary data security.

• The FIPS configuration property is being set.
• For non-military government agencies, government contractors, and vendors who engage with government agencies, FIPS 140-2 is the gold standard for security, the most significant benchmark in the government market.

Using FIPS-compliant hashing, encryption, and signing algorithms

Open the group policy editor, go to computer configuration > Windows settings > Security settings > Local Policies > Security options, and turn on system cryptography to use the group policy option.

FIPS created the rule-making processes used by NIST based on those outlined by the administrative procedures act.

1. The following methods are used to announce the proposed FIPS:
   • NIST’s electronic pages on the chief information officer’s council are published in the federal register for public study and comment.
   • The proposed FIPS text and any accompanying specifications are available on the NIST electronic site.
2. NIST is given a 30 to 90-day window for evaluation and comment submission on the proposed FIPS.
3. NIST evaluates the comments submitted in response to the federal register notice and the other notices to determine whether the proposed FIPS needs to be modified.
4. NIST requests approval of the recommended FIPS, the thorough rationale document, and recommendations on whether the standard should be mandatory and binding for use by the federal government from the secretary of commerce.
5. A notice announcing the secretary of commerce’s approval of the FIPS is published in the federal register and on the NIST website.
6. The detailed rationale document is available for public review and is kept on file at NIST.