[Federal Register Volume 60, Number 63 (Monday, April 3, 1995)]
[Notices]
[Pages 16854-16857]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 95-8068]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
[Docket No. 950314073-5073-01]
RIN 0693-AB41
Proposed Revision of Federal Information Processing Standard
(FIPS) 161-1, Electronic Data Interchange (EDI)
AGENCY: National Institute of Standards and Technology (NIST),
Commerce.
ACTION: Notice; request for comments.
-----------------------------------------------------------------------
SUMMARY: A revision of Federal Information Processing Standard (FIPS)
161-1, Electronic Data Interchange, is being proposed. The revision
reflects changes in the development of voluntary industry standards for
Electronic Data Interchange (EDI), including the planned alignment of
the X12 and UN/EDIFACT families of standards, and provides updated
guidance to Federal agencies in the selection of EDI standards. The
revision also establishes a Federal EDI Standards Management Committee
to harmonize the development of EDI transaction set and message
standards among Federal agencies, and the setting of government-wide
implementation conventions for EDI applications used by Federal
agencies.
The purpose of this notice is to solicit views from the public,
manufacturers, and Federal, state, local government, and private users
prior to submission of this proposed revision to the Secretary of
Commerce for review and approval.
The proposed revision consists of the following announcement, which
provides information concerning the applicability, implementation, and
maintenance of the standard. Interested parties may obtain copies of
documents defining the EDI standards from Data Interchange Standards
Association, Inc. (DISA), 1800 Diagonal Road, Suite 200, Alexandria, VA
22314-2852, telephone (703) 548-7005.
DATES: Comments on this proposed revision must be received on or before
July 3, 1995.
ADDRESSES: Written comments concerning the proposed revision should be
sent to: Director, Computer Systems Laboratory, ATTN: Proposed Revision
of FIPS 161-1, Technology Building, Room B-154, National Institute of
Standards and Technology, Gaithersburg, MD 20899.
Written comments received in response to this notice will be made
part of the public record and will be made available for inspection and
copying in the Central Reference and Records Inspection Facility, Room
6020, Herbert C. Hoover Building, 14th Street between Pennsylvania and
Constitution Avenues, NW, Washington, DC 20230.
FOR FURTHER INFORMATION CONTACT:
Mr. Roy Saltman, Computer Systems Laboratory, National Institute of
Standards and Technology, Gaithersburg, MD 20899, telephone (301) 975-
3376.
EXECUTIVE ORDER 12866: This FIPS notice has been determined to be ``not
significant'' for purposes of E.O. 12866.
Dated: March 28, 1995.
Samuel Kramer,
Associate Director.
Proposed Federal Information Processing Standards Publication 161-2;
Draft 1995 February 16; Draft Announcing the Standard for Electronic
Data Interchange (EDI)
Federal Information Processing Standards Publications (FIPS PUBS)
are issued by the National Institute of Standards and Technology (NIST)
after approval by the Secretary of Commerce pursuant to section 111(d)
of the Federal Property and Administrative Services Act of 1949 as
amended by the Computer Security Act of 1987, Pub. L. 100-235.
1. Name of Standard. Electronic Data Interchange (EDI) (FIPS PUB
161-2).
2. Category of Standard. Software Standard, Electronic Data
Interchange.
3. Explanation. EDI is the computer-to-computer transmission of
strictly formatted messages that represent documents; EDI is an
essential component of electronic commerce (EC). EC is the use of
documents in electronic form, rather than paper, for carrying out
functions of business or government that require interchanges between
organizations of information, obligations, or monetary value.
This publication adopts, as a Federal Information Processing
Standard, recognized national and international standards for EDI. In
EDI, data that would be traditionally conveyed on paper documents are
transmitted or communicated electronically according to established
rules and formats. The data that are associated with each type of
functional document, such as a purchase order or invoice, are
transmitted together as an electronic message. The formatted data may
be transmitted from originator to recipient via telecommunications or
physically transported on electronic storage media.
EDI typically implies a sequence of messages between two parties,
for example, buyer and seller, either of whom may serve as originator
or recipient. Messages from buyer to seller could include, for example,
the data necessary for request for quotation (RFQ), purchase order,
receiving advice, and payment advice; messages from seller to buyer
could include similarly the data for response to RFQ, purchase order
acknowledgment, shipping notice, and invoice. EDI is being used also
for an increasingly diverse set of concerns, for example, for
interchanges between healthcare providers and insurers, and for
governmental regulatory, tax, and statistical reporting.
Implementation of EDI requires the use of a family of interrelated
standards. The family must include standards for types of messages
(also called ``transaction sets''), and for transmission envelopes,
data elements, and short sequences of data elements called data
segments. A message or transaction set standard defines the sequence of
data segments that constitute that message or transaction set. The data
segment directory lists all data segments, and defines the identifier
and sequence of data elements constituting each. The data element
directory (also called a ``dictionary'') provides specifications of all
data elements. Transmission envelopes provide control information about
the included messages to the carrying and receiving systems.
The standardization of message formats, and of data segments and
elements within the messages, makes possible the assembling,
disassembling, and processing of the messages by computer.
This FIPS PUB adopts, with specific conditions, the families of
standards known as X12 and UN/EDIFACT. This FIPS PUB does not mandate
the implementation of EDI systems within the Federal Government; rather
it requires the use of X12 or UN/EDIFACT, subject to the conditions
specified below, when Federal departments or agencies implement EDI
systems. The X12 and UN/EDIFACT standards were originally developed
respectively by Accredited Standards Committee X12 on Electronic Data
Interchange (ASC X12), accredited by the American National Standards
Institute (ANSI), and by the United Nations (UN) Economic Commission
for Europe--Working Party (Four) on Facilitation of International Trade
Procedures (UN/ECE/WP.4). Technical input from the United States in the
development of UN/EDIFACT at the UN is through the Pan American EDIFACT
Board (PAEB). The PAEB is separate from ASC X12, and it serves as the
coordinating body for national [[Page 16855]] standards organizations
of North, Central, and South America.
FIPS PUB 161-2 supersedes FIPS PUB 161-1 in its entirety. FIPS PUB
161-2 contains editorial changes, updated references to documents and
organizations, and updated guidance to agencies on the selection of X12
and UN/EDIFACT standards and implementation conventions. This guidance
is based on recent voluntary industry standards activities and on the
Federal Government initiative that commenced with the Presidential
Memorandum of October 26, 1993 entitled ``Streamlining Procurement
Through Electronic Commerce.''
4. Approving Authority. Secretary of Commerce.
5. Maintenance Agency. U.S. Department of Commerce, National
Institute of Standards and Technology (NIST), Computer Systems
Laboratory.
6. Cross Index and Related Documents.
6.1. Cross Index.
--FIPS PUB 113, Computer Data Authentication, May 1985.
--FIPS PUB 46-2, Data Encryption Standard, December 1993.
--FIPS PUB 186, Digital Signature Standard (DSS), May 1994.
--FIPS PUB 146-2, Profiles for Open Systems Internetworking
Technologies, expected approval 1995.
--FIPS PUB 180-1, Secure Hash Standard, expected approval 1995.
6.2. Related Documents.
--NIST Special Publication 500-224, Stable Implementation Agreements
for Open Systems Interconnection Protocols, Version 8, Edition 1, March
1995.
--NIST Special Publication 800-9, Good Security Practices for
Electronic Commerce, Including Electronic Data Interchange, December
1993.
--ASC X12W/94-710, ASC X12 Plan for Technical Migration To And
Administrative Alignment With UN/EDIFACT, approved by ASC X12 on
January 13, 1995 and modified at the ASC X12 plenary meeting, February
6, 1995.
--NISTIR xxxx, Charter for Federal EDI Standards Management Committee,
expected 1995.
6.3. Sources of Documents. For the source of cited NIST
publications, including FIPS PUBS, see Section 13. For the source of
X12 and UN/EDIFACT documents, see Subsection 10.1.
7. Objectives. The primary objectives of this standard are:
a. To promote the achievement of the benefits of EDI: reduced
paperwork, fewer transcription errors, faster response time for
procurement and customer needs, reduced inventory requirements, and
more timely payment of vendors;
b. To ease the interchange of data sent via EDI by the use of
standards for data formats and transmission envelopes;
c. To minimize the cost of EDI implementation by preventing
duplication of effort.
8. Applicability.
8.1. Conditions of Application. EDI may be employed with any type
of operational data representable as a sequence of data elements that
is needed to be transmitted or received on a repetitive basis by a
Federal agency in the course of its activities. This standard is
applicable to the interchange of such data on a particular subject,
between a Federal agency and another organization (which may be another
Federal agency), if (1) the data are to be transmitted electronically
using EDI, and (2) X12 transaction sets or UN/EDIFACT messages meeting
the data requirements of the Federal agency for the subject of the
interchange have been developed and approved, and are acceptable for
use under the conditions set forth in this FIPS PUB.
8.2. Subject Matter. Examples of applications (not necessarily the
subject of current standards) are:
a. Vendor search and selection: Price/sales catalogs, bids,
proposals, requests for quotations, notices of contract solicitation,
debarment data, trading partner profiles;
b. Contract award: Notices of award, purchase orders, purchase
order acknowledgments, purchase order changes;
c. Product data: Specifications, manufacturing instructions,
reports of test results, safety data;
d. Shipping, forwarding, and receiving: Shipping manifests, bills
of lading, shipping status reports, receiving reports;
e. Customs: Release information; manifest update;
f. Payment information: Invoices, remittance advices, payment
status inquiries, payment acknowledgments;
g. Inventory control: Stock level reports, resupply requests,
warehouse activity reports;
h. Maintenance: Service schedules and activity, warranty data;
i. Tax-related data: Tax information and filings;
j. Insurance-related data: Health care claim; mortgage insurance
application;
k. Other government activities: Communications license application;
hazardous waste report; court conviction record.
9. Federal EDI Standards Development and Coordination.
9.1. Federal EDI Standards Management Committee. There is
established a Federal EDI Standards Management Committee (FESMC). The
goal of the FESMC is to assure a single Government face to industry,
consistency among instances of an application across agencies,
streamlined data, and coordinated Government representation at
standards bodies. Functions of the committee include harmonization of
development of EDI transaction set and message standards among Federal
agencies, and the setting of Government-wide implementation conventions
for each EDI application used by Federal agencies. Workgroups in
subject areas such as finance, procurement, and transportation will be
established under FESMC. Membership on the committee shall be from
Federal agencies using or planning to use EDI; selection of the chair
of the committee shall be approved by the Office of Management and
Budget.
9.2. Agency Responsibilities.
9.2.1. Agencies already employing X12 or UN/EDIFACT standards or
draft standards approved under this FIPS PUB shall submit their
implementations to FESMC for coordination.
9.2.2. For the case in which X12 or UN/EDIFACT documents are
available or under development for a needed subject area but do not
meet agency requirements, agencies shall submit their requirements to
FESMC to coordinate need changes, and shall submit their requirements
to ASC X12 by following procedures specified in ASC X12 Standing
Document (SD) 2, Operations Manual, and SD 6, Operations Manual (UN/
EDIFACT Standards). These are available from Data Interchange Standards
Association, Inc. (DISA) (see Subsection 10.1 for address and phone
number).
9.2.3. For the case in which a subject area for which an agency
wishes to use EDI has not yet been considered for standardization,
agencies shall submit their requirements for standardization to FESMC
and to ASC X12, as described in Subsection 9.2.2. Proposed
implementations shall maximize use of existing X12 and/or UN/EDIFACT
standards or draft standards to the extent possible. Use of already
approved documents should minimize the administrative work involved in
new development and in standards maintenance.
9.2.4. Agencies shall adopt the implementation conventions (ICs)
established by FESMC. ICs shall be classified as Implementer's
Agreements pursuant to this FIPS PUB, but are not themselves FIPS PUBS.
Proposed ICs will be coordinated with industry. NIST
[[Page 16856]] will publish ICs and maintain a registry of them.
10. Specifications. Documents are available that define the
standard X12 transaction sets and UN/EDIFACT messages as well as the
foundation standards for both families. Developments are continuing in
both families of standards.
10.1 Source of Documents. Documents defining both the X12 and UN/
EDIFACT families of standards, as well as ASC X12 and PAEB operational
and procedural documents, are available from DISA or from a contractor
named by DISA. DISA serves as the secretariat for ASC X12 and the PAEB:
its address and phone number are: Address: Data Interchange Standards
Association, Inc., 1800 Diagonal Road--Suite 200, Alexandria, VA 22314-
2852, Phone: (703) 548-7005.
A list of available publications, as well as descriptive material,
prices and ordering procedures, may be found in the most recent DISA
Publications Catalog.
10.2. ASC X12 Documents.
10.2.1. X12 standards are published periodically with revisions and
updates, and standards included in a publication may have one of two
possible statuses:
(1) Draft Standards for Trial Use (DSTUs); these are fully approved
by ASC X12, and are typically published as ``releases'' at one-year
intervals. DSTU Version 3, Release 4, identified as 003040, was
published in December 1993; Version 3, Release 5, identified as 003050,
was published in December 1994. Two interim subreleases also are
published annually. The 1994 subreleases were identified as 003041 and
003042.
(2) American National Standards (ANSs); these are fully approved by
ASC X12 and by ANSI, and are typically published as ``versions'' at
intervals of three to five years. ANS Version 3, published in March
1992, is functionally equivalent to DSTU Version 2, Release 4. It is
expected that ANS Version 4, planned for 1997, will be functionally
equivalent to DSTU Version 3, Release 7, identified as 003070.
10.2.2. A particular X12 standard is one of three types; it may be
a ``control and foundation standard,'' it may be a ``transaction set''
(which uses X12 syntax), or it may be an EDIFACT-syntax ``message.''
10.2.3. Control and foundation standards currently include the
following:
Data Element Dictionary X12.3
Interchange Control Structure X12.5
Application Control Structure X12.6
Segment Directory X12.22
Interconnect Mailbag Control Structures X12.56
Security Structures X12.58
Implementation of EDI Structures--Semantic Impact X12.59
Standards X12.5 and X12.6 define the X12 syntax.
10.2.4. DSTU Version 3 Release 5 includes 225 transaction set
standards and two EDIFACT-syntax message standards.
10.3 UN/EDIFACT Documents.
10.3.1. Un/EDIFACT standards are published periodically with
revisions and updates, and standards included in a publication may have
one of two possible statuses:
(1) Status 1, approved for trial use. A set of status 1 messages
and directories is typically published yearly. The most recent set,
identified as UN/EDIFACT Draft Messages and Directories, Version D94.B,
was published in October 1994.
(2) Status 2, fully approved by UN/ECE/WP.4. These may be referred
to as the UN Trade Data Interchange Directory (UNTDID).
Version S93.A was approved in March 1994, and Version S95.A is
expected in September 1995.
10.3.2. The D94.B Status 1 Draft Messages and Directories include
the following:
Uniform Rules of Conduct for Interchange of Trade Data by
Teletransmission (UNCID);
UN/EDIFACT Terminology;
United National Rules for EDIFACT
United Nationals Directories for EDIFACT
75 Messages of Status 1
The United Nations Rules for EDIFACT include sections on
establishment of United Nations standard message types (UNSMs), syntax
rules (see Subsection 10.3.4), syntax implementation guidelines,
message design guidelines, and general introduction for UNSM
descriptions. The United Nations Directories for EDIFACT include the
standard message type directory, message, frameworks, segment
directory, composite data element directory, data element directory,
and code lists.
10.3.3. The S93.A Status 2 Messages and Directories (UNTDID)
includes the same types of information provided in D94.B, excepting
that approved messages of Status 2 instead of Status 1 are listed.
Forty-two messages of Status 2 are specified.
10.3.4. A foundation standard used in UN/EDIFACT is approved by the
International Organization for Standardization (ISO); it is entitled
ISO 9735--UN/EDIFACT Application Level Syntax Rules. There are several
versions: Version 1 (1988), Version 2 (1990), and Version 3 (Version 2
with Amendment 1 of December, 1992). Version 3 is included in D94.B.
Version 4 is expected in March, 1995.
11. Implementation.
11.1 Schedule for Adoption. FIPS PUB 161 was effective on September
30, 1991. Federal agencies that are not using EDI for subject matter
for which X12 or UN/EDIFACT standards have been approved and issued
shall utilize only those standards in EDI systems that they procure or
develop, subject to the qualifications of Subsections 11.3, 11.4 and
11.5. Agencies already using those standards continue to do so.
Agencies that were using industry-specific standards for EDI on
September 30, 1991 shall be governed by Subsection 11.6.
11.2. Acceptance of UN/EDIFACT. In January 1995, ASC X12, by a vote
of its membership, approved the ASC X12 Plan for Technical Migration To
And Administrative Alignment with UN/EDIFACT. This plan was modified at
the February 1995 plenary meeting of ASC X12. Key features of the
modified Alignment Plan are:
(1) Draft standards based on X12 syntax or on UN/EDIFACT syntax may
be submitted by ASC X12 for processing as ANSs.
(2) X12 Release 003070 shall form the basis of Version 4 of draft
proposed X12 American National Standards (ANSs).
(3) After the release of Version 4, ASC X12 shall continue for a
period of time, in accordance with the plan, to develop, maintain,
approve and publish X12-syntax transaction sets and supporting
documents.
(4) An ASC X12 ballot shall be conducted in 1998 to determine if
X12-syntax transaction set development should be terminated. If the
ballot for termination is not approved, a three-year repeating cycle
shall occur thereafter, until no new x12-syntax transaction sets are
being developed.
11.3. Selection of X12 or UN/EDIFACT. X12 and UN/EDIFACT are
separate although similar, families of standards. The existence of one
does not preclude the other, and equivalent functionality may be
obtained in either system. Software that assembles and disassembles
messages and transaction sets called translation software, is available
for both systems, often in the same package.
In selecting a family of standards, agencies should attempt to
maximize economy and efficiency and to minimize the costs imposed on
U.S. businesses. [[Page 16857]]
11.3.1. For domestic interchanges, agencies may use, at this time,
standards employing either X12 or UN/EDIFACT syntax or both. Selection
of syntax for an interchange shall take into account the prevailing
syntax used in the industry of the interchange partner. However,
standards using UN/EDIFACT syntax shall be employed for new or
significantly upgraded interchanges in the absence of demonstrably
higher costs, or at the request of interchange partners providing a
significant fraction of interchange traffic. Continued long-term use
and maintenance of dual standards is unacceptably inefficient.
11.3.2. For internal interchanges, migration to standards using UN/
EDIFACT syntax shall commence at this time if that syntax is not
currently being used. A timetable for conversion to UN/EDIFACT of
existing international implementations shall be set as applicable
standards and software becomes available. New or significantly upgraded
interchanges shall employ only standards using UN/EDIFACT syntax.
11.4. Use of Draft Standards. Both X12-syntax and EDIFACT-syntax
standards approved and published by ASC X12, if not approved at a
higher level are designated DSTUs for purposes of this FIPS PUB.
Federal agencies shall use only the following two type of standards for
EDI implementations: (1) Draft standards, i.e., UN/EDIFACT Status 1
standards or STUs from ASC X12, or (2) full standards, i.e., UN/EDIFACT
Status 2 standards or ANSs submitted by ASC X12. Industry practice is
to use draft standards; these represent the latest consensus and are
available sooner than the corresponding full standards. Consequently,
draft standards are preferred for use over full standards.
11.5. Age-Limitations on Acceptable Standards. Agencies, in their
agreements with interchange partners, may not use any version of an
acceptable standard specified in Subsections 11.3 and 11.4 that is more
than four years old, unless it is the most recent version. Any version
of an ISO standard may be used, e.g., ISO 9735, subject to the same
age-limitation.
11.6. Continued Use of EDI Industry Standards. Federal agencies
using industry-specific EDI standards on September 30, 1991 may
continue to use those standards for five years from that date. However,
such agencies shall, without delay, submit their standardization
requirements as indicated in Subsections 9.2.2 and 9.2.3. Industry-
specific EDI standards may be used beyond five years only if no
equivalent X12 or UN/EDIFACT standards, as appropriate, have been
approved and issued by September 30, 1995. If an equivalent X12 DSTU or
UN/EDIFACT Status 1 standard, as appropriate, is approved and issued
after September 30, 1995, Federal agencies using an industry-specific
standard shall have one year to convert, following the first
publication of the approved standard. Implementation shall be
consistent with the requirements of Subsections 11.3 and 11.4.
11.7. Security and Authentication. Agencies shall employ risk
management techniques to determine the appropriate mix of security
controls needed to protect specific data and systems. The selection of
controls shall take into account procedures required under applicable
laws and regulations.
Optional tools and techniques for implementation of security and
authentication may be provided by ASC X12 and UN/ECE/WP.4 for use in
connection with their respective families of standards. Agencies may
utilize these tools and techniques, and/or they may utilize other
methods in systems supporting the EDI data interchange. Methods and
procedures implemented shall be consistent with applicable FIPS PUBS
and guidance documents issued by NIST.
12. Waivers. Under certain exceptional circumstances, the heads of
Federal departments and agencies may approve waivers to Federal
Information Processing Standards (FIPS). The head of such agency may
redelegate such authority only to a senior official designated pursuant
to section 3506(b) of Title 44, U.S.Code.
Waivers shall be granted only when:
a. Compliance with a standard would adversely affect the
accomplishment of the mission of an operator of a Federal computer
system, or
b. Cause a major adverse financial impact on the operator which is
not offset by Governmentwide savings.
Agency heads may act upon a written waiver request containing the
information detailed above. Agency heads may also act without a written
waiver request when they determine that conditions for meeting the
standard cannot be met. Agency heads may approve waivers only by a
written decision which explains the basis on which the agency head made
the required finding(s). A copy of each such decision, with procurement
sensitive or classified portions clearly identified, shall be sent to:
National Institute of Standards and Technology; Attn: FIPS Waiver
Decisions, Technology Building, Room B-154; Gaithersburg, MD 20899.
In addition, notice of each waiver granted and each delegation of
authority to approve waivers shall be sent promptly to the Committee on
Government Reform and Oversight of the House of Representatives and the
Committee on Governmental Affairs of the Senate and shall be published
promptly in the Federal Register.
When the determination on a waiver applies to the procurement of
equipment and/or services, a notice of the waiver determination must be
published in the Commerce Business Daily as part of the notice of
solicitation for officers of an acquisition or, if the waiver
determination is made after that notice is published, by amendment to
such notice.
A copy of the waiver, any supporting documents, the document
approving the waiver and any supporting and accompanying documents,
with such deletions as the agency is authorized and decides to make
under 5 U.S.C. sec. 552(b), shall be part of the procurement
documentation and retained by the agency.
13. Where to Obtain Copies of NIST Publications. Copies of this
publication and NIST publications referenced in Section 6 are for sale
by the National Technical Information Service (NTIS), U.S. Department
of Commerce, Springfield, VA 22161; phone (703) 487-4650. When ordering
this publication, refer to Federal Information Processing Standards
Publication 161-2 (FIPSPUB161-2), the title. Payment may be made by
check, money, or NTIS deposit account.
[FR Doc. 95-8068 Filed 3-31-95; 8:45 am]
BILLING CODE 3510-CN-M
