Security Encyclopedia

Federal Information Processing Standard

The Federal Information Processing Standards (FIPS) are a set of US Government security requirements for data and its encryption.

FIPS are publicly shared and encouraged by the US Federal Government, and overseen by the National Institute of Standards and Technology (NIST) of the Department of Commerce. Government agencies, partners, and those wanting to do business with the federal government are required to adhere to FIPS guidelines.

FIPS are applied according to the potential use case and align with the perceived value of the government data. The complying, or regulated, party must then adhere to the standards used to handle government information. As the secrecy and sensitivity of government data rises from classified to (top) secret, the severity of the applicable FIPS rises as it is applied to the persons, practices, and technologies in place to hold and transmit the data.

Some FIPS cover data encryption, such as the Advanced Encryption Standard (AES).

Example:

“As a vetted, DFARS-compliant solutions provider handling ‘secret’ data, all of our team members underwent and passed background checks. And, our facilities have been inspected. We also are required to use tamper-resistant hardware tokens that are FIPS 140-2 certified to access the systems where we hold DoD information.”