96-12748. Approval of Federal Information Processing Standards Publication 161-2, Electronic Data Interchange (EDI)  

  • [Federal Register Volume 61, Number 100 (Wednesday, May 22, 1996)]
    [Notices]
    [Pages 25627-25632]
    From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
    [FR Doc No: 96-12748]
    
    
    
    -----------------------------------------------------------------------
    
    DEPARTMENT OF COMMERCE
    National Institute of Standards and Technology
    [Docket No. 950314073-6067-02]
    RIN 0693-ZA07
    
    
    Approval of Federal Information Processing Standards Publication 
    161-2, Electronic Data Interchange (EDI)
    
    AGENCY: National Institute of Standards and Technology (NIST), 
    Commerce.
    
    ACTION: Notice.
    
    -----------------------------------------------------------------------
    
    SUMMARY: The purpose of this notice is to announce that the Secretary 
    of Commerce has approved a revision of Federal Information Processing 
    Standard (FIPS) 161-1, Electronic Data Interchange (EDI), which will be 
    published as FIPS Publication 161-2. This revision reflects changes in 
    the development of voluntary industry standards for Electronic Data 
    Interchange (EDI), including the planned alignment of the X12 and UN/
    EDIFACT families of standards, and provides updated guidance to Federal 
    agencies in the selection of EDI standards. The revision adopts the HL7 
    standards for EDI as an alternative for certain healthcare 
    applications. It also establishes a Federal EDI Standards Management 
    Committee to harmonize the development of EDI transaction set and 
    message standards among Federal agencies, and the setting of 
    governmentwide implementation conventions for EDI applications used by 
    Federal agencies. FIPS PUB 161-2 supersedes FIPS PUB 161-1 in its 
    entirety. The announcement section of FIPS 161-2 is provided in this 
    notice.
        On April 3, 1995, notice was published in the Federal Register (60 
    FR 16854-16857) that a revision of Federal Information Processing 
    Standard (FIPS) 161-1, Electronic Data Interchange (EDI), was being 
    proposed for Federal use.
        The written comments submitted by interested parties and other 
    material available to the Department relevant to this standard were 
    reviewed by NIST. On the basis of this review, NIST recommended that 
    the Secretary approve the revised standard as Federal Information 
    Processing Standards Publication (FIPS PUB) 161-2, and prepared a 
    detailed justification document for the Secretary's review in support 
    of that recommendation.
        The detailed justification document which was presented to the 
    Secretary, and which includes an analysis of the written comments 
    received, is part of the public record and is available for inspection 
    and copying in the Department's Central Reference and Records 
    Inspection Facility, Room 6020, Herbert C. Hoover Building, 14th Street 
    between Pennsylvania and Constitution Avenues NW., Washington, DC 
    20230.
    
    EFFECTIVE DATE: FIPS PUB 161 was effective September 30, 1991.
    
    ADDRESSES: Interested parties may purchase copies of the announcement 
    section of FIPS 161-2 from the National Technical Information Service 
    (NTIS). Specific ordering information from NTIS for this standard is 
    set out in the Where to Obtain Copies Section of the standard.
        Documents defining both the X12 and EDIFACT families of standards 
    are available from DISA, Inc. or from its named contractor. DISA, Inc. 
    serves as the secretariat for Accredited Standards Committee (ASC) X12 
    and the Pan American EDIFACT Board (PAEB) and its address and phone 
    number are as follows: Data Interchange Standards Association, Inc. 
    (DISA, Inc.), 1800 Diagonal Road, Suite 200, Alexandria, VA 22314-2852. 
    Telephone (703) 548-7005.
        HL7 documents are available from: Health Level Seven, Inc., 3300 
    Washtenaw Avenue, Suite 227, Ann Arbor, MI 48104. Telephone (313) 677-
    7777.
    
    FOR FURTHER INFORMATION CONTACT: Mr. Roy Saltman, telephone (301) 975-
    3376, National Institute of Standards and Technology, Gaithersburg, MD 
    20899.
    
        Dated: May 16, 1996.
    Samuel Kramer,
    Associate Director.
    
    Federal Information Processing Standards Publication 161-2, 1996 Month 
    Day, Announcing the Standard for Electronic Data Interchange (EDI)
    
        Federal Information Processing Standards Publications (FIPS PUBS) 
    are issued by the National Institute of Standards and Technology (NIST) 
    after approval by the Secretary of Commerce pursuant to Section 5131 of 
    the Information Technology Management
    
    [[Page 25628]]
    
    Reform Act of 1996 and the Computer Security Act of 1987, Public Law 
    104-106.
        1. Name of Standard. Electronic Data Interchange (EDI) (FIPS PUB 
    161-2).
        2. Category of Standard. Electronic Data Interchange.
        3. Explanation.
        3.1. Definition and Use of EDI. EDI is the computer-to-computer 
    interchange of strictly formatted messages that represent documents 
    other than monetary instruments. EDI implies a sequence of messages 
    between two parties, either of whom may serve as originator or 
    recipient. The formatted data representing the documents may be 
    transmitted from originator to recipient via telecommunications or 
    physically transported on electronic storage media.
        In EDI, the usual processing of received messages is by computer 
    only. Human intervention in the processing of a received message is 
    typically intended only for error conditions, for quality review, and 
    for special situations. For example, the transmission of binary or 
    textual data is not EDI as defined here unless the data are treated as 
    one or more data elements of an EDI message and are not normally 
    intended for human interpretation as part of on-line data processing.
        An example of EDI is a set of interchanges between a buyer and a 
    seller. Messages from buyer to seller could include, for example, 
    request for quotation (RFQ), purchase order, receiving advice and 
    payment advice; messages from seller to buyer could include, similarly, 
    bid in response to RFQ, purchase order acknowledgment, shipping notice 
    and invoice. These messages may simply provide information, e.g., 
    receiving advice or shipping notice, or they may include data that may 
    be interpreted as a legally binding obligation, e.g., bid in response 
    to RFQ or purchase order.
        EDI is being used also for an increasingly diverse set of concerns, 
    for example, for interchanges between healthcare providers and 
    insurers, for travel and hotel bookings, for education administration, 
    and for government regulatory, statistical and tax reporting.
        3.2. Standards Required for EDI. From the point of view of the 
    standards needed, EDI may be defined as an interchange between 
    computers of a sequence of standardized messages taken from a 
    predetermined set of message types. Each message is composed, according 
    to a standardized syntax, of a sequence of standardized data elements. 
    It is the standardization of message formats using a standard syntax, 
    and the standardization of data elements within the messages, that 
    makes possible the assembling, disassembling, and processing of the 
    messages by computer.
        Implementation of EDI requires the use of a family of interrelated 
    standards. Standards are required for, at minimum: (a) the syntax used 
    to compose the messages and separate the various parts of a message, 
    (b) types and definitions of application data elements, most of 
    variable length, (c) the message types, defined by the identification 
    and sequence of data elements forming each message, and (d) the 
    definitions and sequence of control data elements in message headers 
    and trailers.
        Additional standards may define: (e) a set of short sequences of 
    data elements called data segments, (f) the manner in which more than 
    one message may be included in a single transmission, and (g) the 
    manner of adding protective measures for integrity, confidentiality, 
    and authentication into transmitted messages.
        3.3. Limited Coverage of this Standard. This FIPS covers only EDI. 
    It does not cover other forms of electronic interchange, for example, 
    systems of interchange that do not consist of messages taken from a 
    predetermined set. Additionally, an interchange application including 
    only one or two predetermined message types using only fixed-length 
    data elements is excluded from coverage of this FIPS. This FIPS also is 
    not intended to cover transmissions from medical, laboratory, or 
    environment-sensing instrumentation.
        3.4. The Long-Range Goal for EDI Standards. There are several 
    different EDI standards in use today, but the achievement of a single 
    universally-used family of EDI standards is a long-range goal. A single 
    universally-used family of standards would make use of EDI more 
    efficient and minimize aggregate costs of use. Specifically, it would 
    (a) minimize needs for training of personnel in use and maintenance of 
    EDI standards, (b) eliminate duplication of functionality and the costs 
    of achieving that duplication now existing in different systems of 
    standards, (c) minimize requirements for different kinds of translation 
    software, and (d) allow for a universal set of data elements that would 
    ease the flow of data among different but interconnected applications, 
    and thereby maximize useful information interchange.
        This FIPS PUB recognizes the reality that some families of EDI 
    standards were developed to provide solutions to immediate needs, and 
    that inclusion of the goal of universality in their development would 
    have unacceptably delayed their availability. However, a future is 
    envisioned in which the benefits of universality outweigh the sunk 
    costs in specialized solutions, leading first to cooperation among 
    standards developers, then to harmonization of standards, and 
    eventually to a single universally accepted family of EDI standards.
        3.5. Adoption of Specific Families of Standards. This FIPS PUB 
    adopts, with specific conditions specified below, the families of EDI 
    standards known as X12, UN/EDIFACT and HL7. This FIPS PUB does not 
    mandate the implementation of EDI systems within the Federal 
    Government; rather it requires the use of the identified families of 
    standards with specified constraints when Federal departments or 
    agencies implement EDI systems.
        The UN/EDIFACT standards may be used for any application, domestic 
    or international. The X12 standards may be used for any domestic 
    application. The HL7 standards are adopted as an alternative for 
    certain healthcare applications, specifically for transmission of 
    patient records and of clinical, epidemiological, and regulatory data. 
    HL7 standards are not to be used for healthcare insurance 
    administrative applications, such as for enrollments, claims, and claim 
    payments, or for any aspect of the Government procurement cycle, such 
    as for registration of vendors, RFQ, purchase order, shipping notice, 
    or payment advice.
        The cross-use of data elements is encouraged. A data element 
    received through one system of EDI standards, or through a non-EDI 
    interchange, may be re-transmitted as a data element in any of the 
    approved systems of EDI standards.
        The adopted standards were developed by the following 
    organizations: the X12 standards by Accredited Standards Committee X12 
    on Electronic Data Interchange (ASC X12), accredited by the American 
    National Standards Institute (ANSI); the HL7 standards by Health Level 
    Seven, Inc., an ANSI-accredited standards developer; and the UN/EDIFACT 
    standards by the United Nations (UN) Economic Commission for Europe--
    Working Party (Four) on Facilitation of International Trade Procedures 
    (UN/ECE/WP.4). Technical input from the United States in the 
    development of UN/EDIFACT at the UN is through the Pan American EDIFACT 
    Board (PAEB). The PAEB is separate from ASC X12, and it serves as the 
    coordinating body for national standards organizations of North, 
    Central, and South America.
        3.6. Status of this FIPS PUB Revision. FIPS PUB 161-2 supersedes 
    FIPS PUB 161-1 in its entirety. FIPS PUB 161-2
    
    [[Page 25629]]
    
    contains editorial changes, updated references to documents and 
    organizations, and new guidance to agencies on the selection of 
    national and international standards and implementation conventions. 
    This guidance is based on recent voluntary industry standards 
    activities and on the Federal Government initiative that commenced with 
    the Presidential Memorandum of October 26, 1993 entitled ``Streamlining 
    Procurement Through Electronic Commerce.''
        4. Approving Authority. Secretary of Commerce.
        5. Maintenance Agency. U.S. Department of Commerce, National 
    Institute of Standards and Technology (NIST), Computer Systems 
    Laboratory.
        6. Cross Index and Related Documents.
        6.1. Cross Index.
    
    --FIPS PUB 146-2, Profiles for Open Systems Internetworking 
    Technologies, May 1995.
    
        6.2. Related Documents.
    
    --ASC X12W/95-137, The ASC X12 Plan for Technical Migration to and 
    Administrative Alignment With UN/EDIFACT (amended), 5/8/95.
    --NIST Special Publication 500-224, Stable Implementation Agreements 
    for Open System Environment, Version 8, Edition 1, 12/94.
    --NIST Special Publication 800-9, Good Security Practices for 
    Electronic Commerce, Including Electronic Data Interchange, 12/93/.
    --Office of Management and Budget (OMB) Circular A-119 (revised), 
    Federal Participation in the Development and Use of Voluntary 
    Standards, 10/93.
    --UN/ECE/WP.4--Recommendation No. 25 on the Use of the UN/EDIFACT 
    Standard, 9/95.
        6.3. Sources of Documents. For the source of cited NIST 
    publications, including FIPS PUBS, see Section 13. For the source of 
    X12, UN/EDIFACT and HL7 documents, see Subsection 10.1.
        7. Objectives. The primary objectives of this standard are:
        a. to ease the interchange of data sent electronically by use of 
    common standards that allow for automated message processing;
        b. to promote the achievement of the benefits of EDI: reduced 
    paperwork, fewer transcription errors, faster response time for 
    procurement and customer needs, reduced inventory requirements, more 
    timely payment of vendors, and closer coordination of data being 
    processed on different computers for the same application;
        c. to promote migration to a universally used family of EDI 
    standards, in order to further Government efficiency and to minimize 
    the cost of EDI implementation by preventing duplication of effort.
        8. Applicability.
        8.1. Conditions of application. EDI may be employed with any type 
    of operational data representable as a sequence of data elements that 
    is needed to be transmitted or received on a repetitive basis by a 
    Federal agency in the course of its activities. This standard is 
    applicable to the interchange of such data on a particular subject 
    within a Federal agency, or between a Federal agency and another 
    organization (which may be another Federal agency), if (1) The data are 
    to be transmitted electronically or physically transported between 
    computers using EDI, and (2) the necessary standard messages meeting 
    the data requirements of the Federal agency for the subject of the 
    interchange have been developed and approved, and are acceptable for 
    use under the conditions set forth in this FIPS PUB.
        8.2. Subject Matter. Examples of applications (not necessarily the 
    subject of current standards) are:
        a. vendor search and selection: price/sales catalogs, bids, 
    proposals, requests for quotations, notices of contract solicitation, 
    debarment data, trading partner profiles;
        b. contract award: notices of award, purchase orders, purchase 
    order acknowledgments, purchase order changes;
        c. product data: specifications, manufacturing instructions, 
    reports of test results, safety data;
        d. shipping, forwarding, and receiving: shipping manifests, bills 
    of lading, shipping status reports, receiving reports;
        e. customs: release information; manifest update;
        f. payment information: invoices, remittance advices, payment 
    status inquiries, payment acknowledgments;
        g. inventory control: stock level reports, resupply requests, 
    warehouse activity reports;
        h. maintenance: service schedules and activity, warranty data;
        i. tax-related data: tax information and filings;
        j. insurance-related data: healthcare claim; mortgage insurance 
    application;
        k. other government activities: communications license application; 
    court conviction record; hazardous material report; healthcare event 
    report.
        9. Coordination of Federal EDI Standards Development and 
    Implementation.
        9.1. Federal EDI Standards Management Coordinating Committee. There 
    is established a Federal EDI Standards Management Coordinating 
    Committee (FESMCC). The FESMCC is established to support the goal of a 
    single face for the Federal Government to its trading partners in the 
    use of EDI.
        9.1.1. A responsibility of the FESMCC is the selection of 
    implementation conventions (ICs) to be used with EDI interchanges 
    between the Federal Government and its trading partners. EDI messages 
    (also called transaction sets) are approved by standards committees 
    with allowances for format options, in order to widen the applicability 
    of the standards to different uses. The purpose of ICs is to select 
    specific options in EDI standards so that interchanges are completely 
    determined in format in advance of use.
        9.1.2. The basic functions of the FESMCC are:
        (a) to adopt Government-wide ICs for use with EDI standards; the 
    goal is adoption of one IC for each functional application of a message 
    or transaction set within a given version/release of an EDI standard;
        (b) to coordinate Federal agency participation in EDI standards 
    bodies, to assure adequate consideration of the Government's business 
    needs and to assure consistency of position; and
        (c) to share EDI information among agencies regrading current or 
    planned implementations to avoid duplicate efforts and streamline the 
    process.
        9.1.3. Voting membership in the FESMCC shall consist of, at 
    minimum, one representative from each participating Federal Executive 
    Branch department and independent agency using or planning to use EDI, 
    plus a representative from NIST. The FESMCC, under its charter and 
    operating rules (see Subsection 9.1.5), may add additional voting 
    representatives, including those from the other branches of the Federal 
    Government. The chair of the FESMCC shall be elected by its membership 
    and approved by OMB.
        9.1.4. The FESMCC shall establish a secretariat in order to 
    maintain an official registry of approved and draft ICs, provide 
    controlled access to the registry including electronic remote access 
    capability, provide a point of contact for publicizing draft ICs and 
    receiving comments on them, provide a single point for submission of 
    work requests to standards bodies, and for related functions.
        9.1.5. The FESMCC shall establish a charter and operating rules to 
    assist it in carrying out its identified functions.
        9.2. Functional Work Groups.
        9.2.1. The FESMCC may establish Functional Work Groups (FWGs) to 
    consider and recommend ICs in subject
    
    [[Page 25630]]
    
    areas. Examples of subject areas are procurement, finance, logistics, 
    and healthcare. Requirements for voting membership shall be established 
    by the FESMCC under its charter and operating rules. The voting members 
    shall elect a chair.
        9.2.2. Each FWG shall recommend, to the full FESMCC, ICs that it 
    has developed and approved as meeting Federal Government and trading 
    partner business requirements. FWGs should consult with appropriate 
    industry groups in the development of ICs.
        9.3. Agency Responsibilities.
        9.3.1. Agencies shall register ICs that they are using with the 
    FESMCC secretariat.
        9.3.2. Agencies using X12, UN/EDIFACT, or HL7 versions and releases 
    for which ICs have been established by the FESMCC shall adopt those 
    ICs. If an IC does not meet business needs, requirements shall be 
    submitted to the FESMCC. ICs shall be classified as Implementer's 
    Agreements pursuant to this FIPS PUB, but are not themselves FIPS PUBs.
        9.3.3. Agencies using or planning to use EDI shall designate 
    representatives to the FESMCC and each relevant FWG.
        9.3.4. Agencies requiring new EDI standards or changes to existing 
    EDI standards to meet their business needs shall submit their 
    requirements to the appropriate standards bodies and shall 
    simultaneously submit their requirements to the FESMCC and relevant 
    FWGs for coordination. Procedures and forms for submission of new 
    requirements through ASC X12 are specified in Standing Document (SD) 2, 
    Operations Manual, and SD6, Operations Manual for UN/EDIFACT Standards. 
    These manuals are available from Data Interchange Standards 
    Association, Inc. (DISA, Inc.). Procedures and forms for submission of 
    new requirements for UN/EDIFACT standards directly through the PAEB are 
    also available from DISA, Inc. HL7 operating procedures are specified 
    in its bylaws, available from Health Level Seven, Inc.
        10. Specifications. Documents are available that define the X12, 
    UN/EDIFACT, and HL7 standards and provide information about the 
    standards organizations and their standards development processes. 
    Developments are continuing in each of these families of standards.
        10.1. Source of Documents. Documents concerning both the X12 and 
    UN/EDIFACT families of standards are available from DISA, Inc. or from 
    its named contractor. DISA, Inc. serves as the secretariat for ASC X12 
    and the PAEB and may be contacted at:
    
    Address: Data Interchange Standards Association, Inc., 1800 Diagonal 
    Road--Suite 200, Alexandria, VA 22314-2852,
    Phone: (703) 548-7005
    
        A list of available standards publications, as well as descriptive 
    material, prices and ordering procedures, may be found in the most 
    recent DISA, Inc. Publications Catalog.
        HL7 documents are available from:
    
    Address: Health Level Seven, Inc., 3300 Washtenaw Avenue, Suite 227, 
    Ann Arbor, MI 48104,
    Phone: (313) 677-7777
    
        10.2. ASC X12 Documents. X12 standards are published periodically 
    with revisions and updates, and standards included in a publication may 
    have one of two possible statuses:
        (1) Draft Standards for Trial Use (DSTUs); these are fully approved 
    by ASC X12, and are typically published as ``releases'' at one-year 
    intervals. DSTU Version 3, Release 4, identified as 003040, was 
    published in 12/93; Version 3, Release 5, identified as 003050, was 
    published in 12/94. The next release, identified as 003060, is 
    available as of 1/96.
        (2) American National Standards (ANSs); these are fully approved by 
    ASC X12 and by ANSI, and are typically published as ``versions'' at 
    intervals of three to five years. ANS Version 3, 3/92, is functionally 
    equivalent to DSTU Version 2, Release 4. It is expected that ANS 
    Version 4, planned for 1997, will be functionally equivalent to DSTU 
    Version 3, Release 7, identified as 003070.
        10.3. UN/EDIFACT Documents. UN/EDIFACT standards are published 
    periodically with revisions and updates, and standards included in a 
    publication may have one of two possible statuses:
        (1) Status 1, approved for trial use. A set of documents identified 
    as UN/EDIFACT Draft Messages and Directories, Version D.95A, was 
    published in 5/95. This document also included Status 2 messages. A new 
    set of standards, identified as D.95B and also including Status 2 
    messages, was approved in 9/95.
        (2) Status 2, fully approved by UN/ECE/WP.4. The set of Status 2 
    documents may be referred to as the UN Trade Data Interchange Directory 
    (UNTDID). The last published version of Status 2 standards only, S.93A, 
    was issued in 5/94. See also Subsection 11.4 for additional information 
    on UN/EDIFACT Status 2.
        10.4. HL7 Documents. HL7 standards are published as a single 
    volume. The current set is Version 2.2, published 12/94. A new Version 
    2.3 is planned for Fall 1996. HL7 standards also have one of two 
    possible statuses:
        (1) HL7 standards, approved by the membership of HL7 but not yet 
    approved by ANSI.
        (2) American National Standards (ANSs); these are fully approved by 
    HL7 and by ANSI.
        11. Implementation.
        11.1. Schedule for Adoption. FIPS PUB 161 was effective on 
    September 30, 1991. Federal agencies that are not using EDI for subject 
    matter for which X12, UN/EDIFACT, and HL7 standards have been approved 
    and issued shall utilize only those standards in EDI systems that they 
    procure or develop, subject to the qualifications of Subsections 3.5, 
    11.3, 11.4 and 11.5. Agencies that are using those standards shall 
    continue to do so, subject to the same qualifications. Agencies that 
    were using other standards on or after September 30, 1991 shall be 
    governed by Subsection 11.6.
        11.2. Acceptance of UN/EDIFACT by ASC X12. In January 1995, ASC 
    X12, by a membership vote, approved the ASC X12 Plan for Technical 
    Migration to and Administrative Alignment With UN/EDIFACT. This plan 
    was modified at the February 1995 plenary meeting of ASC X12. Key 
    features of the modified Alignment Plan are:
        (1) Draft standards based on X12-syntax or on UN/EDIFACT syntax may 
    be submitted by ASC X12 to ANSI for processing as ANSs.
        (2) X12 Release 003070 shall form the basis of Version 4 of draft 
    proposed X12 American National Standards (ANSs).
        (3) After the release of Version 4, ASC X12 shall continue for a 
    period of time, in accordance with the plan, to develop, maintain, 
    approve and publish X12-syntax transaction sets and supporting 
    documents.
        (4) An ASC X12 ballot shall be conducted in 1998 to determine if 
    X12-syntax transaction set development should be terminated. If the 
    ballot for termination is not approved, a three-year repeating cycle 
    shall occur thereafter, until no new X12-syntax transaction sets are 
    being developed.
        11.3. Selection of a Family of Standards.
        11.3.1. Different families of EDI standards are distinct, although 
    performing similar functions; the existence of one does not preclude 
    the others. Equivalent functionality may be obtained in any system by 
    the addition, if required, of new or revised message formats and data 
    elements. Software that assembles and disassembles messages and 
    transaction sets, called translation software, is widely available, 
    often for more than one system in the
    
    [[Page 25631]]
    
    same package. In selecting a family of standards for domestic 
    applications, agencies should attempt to maximize Government economy 
    and efficiency and to minimize the costs imposed on U.S. businesses.
        11.3.2. For any domestic application with a non-Government partner, 
    and for related intra-Government applications, selection of a family of 
    standards shall take into account the prevailing family used in the 
    industry of the interchange partners for the application. However, UN/
    EDIFACT standards shall be employed for new or significantly upgraded 
    interchanges in the absence of demonstrably higher costs, or at the 
    request of interchange partners providing a significant fraction of 
    interchange traffic. Continued long-term use and maintenance of more 
    than one family of standards is unacceptably inefficient.
        11.3.3. For international applications except as specified in 
    Subsection 11.3.4, planning for migration to the UN/EDIFACT family of 
    standards shall commence at this time if that family is not currently 
    being used. A timetable for conversion to UN/EDIFACT of existing 
    international implementations shall be set as applicable standards and 
    software become available. New or significantly upgraded interchanges 
    shall employ only standards using UN/EDIFACT.
        11.3.4. The HL7 family of standards may be used for international 
    applications in the fields of public health and health regulatory 
    information, pursuant to agreements of international organizations 
    whose membership includes representation of national or multi-national 
    governmental health agencies. However, users shall coordinate with the 
    developers of UN/EDIFACT, in order to prevent duplication of effort, 
    provide for cross-use of data elements, and provide a path for 
    harmonization and eventual migration or coalescence.
        11.4. Use of Category (1) Standards. UN/EDIFACT Status 1 standards, 
    X12 DSTUs, and HL7 standards not yet approved by ANSI are defined as 
    Category (1) standards. UN/EDIFACT Status 2 standards and ANSs 
    submitted by ASC X12 and HL7 are defined as Category (2) standards. 
    Federal agencies shall use only Category (1) or Category (2) standards 
    for EDI implementations. Industry practice is to use Category (1) 
    standards; these represent the latest consensus and are available 
    sooner than the corresponding full standards of Category (2). 
    Consequently, Category (1) standards are preferred, but not mandated at 
    this time. Note: There is a possibility that UN/EDIFACT Status 2 
    standards will be eliminated by UN/ECE/WP.4. In that case, UN/EDIFACT 
    Status 1 standards would be required when UN/EDIFACT is implemented.
        11.5. Continued Use of Existing Approved Implementations. An 
    existing implementation of any version of an approved standard 
    specified in Subsections 3.5, 11.3 and 11.4 may continue to be used as 
    long as it continues to meet the business needs of the using agency and 
    its interchange partners. Significant upgrades of existing 
    implementations shall be to versions and releases for which ICs have 
    been approved by the FESMCC, if any are available.
        11.6. Continued Use of Other EDI Standards. Under the initial issue 
    of this FIPS, Federal agencies using ``industry-specific'' EDI 
    standards were permitted to use those standards for five years from 
    September 30, 1991, i.e., until September 30, 1996. Agencies were 
    permitted to use ``industry-specific'' EDI standards beyond five years 
    only if no equivalent X12 or UN/EDIFACT standards, as appropriate, were 
    approved and issued by September 30, 1995. If an equivalent and 
    appropriate standard were issued after the latter date, agencies were 
    given one year to convert. These provisions remain in effect for all 
    application areas except health care.
        For healthcare applications, agencies may use EDI standards other 
    than UN/EDIFACT, X12, or HL7 through September 30, 1997. Other 
    standards may be used beyond that date only if no functionally 
    equivalent standards that meet the conditions of use specified in 
    Subsections 3.5, 11.3 and 11.4 are approved and issued by September 30, 
    1996. If a Category (1) standard meeting business requirements and 
    allowable conditions of use is first issued after the latter date, 
    agencies have one year to convert following the issuance of the release 
    containing the implementable standard.
        Requirements for submission of proposed new or revised standards 
    are specific in Subsection 9.3.4.
        11.7. Security and Authentication. Agencies shall employ risk 
    management techniques to determine the appropriate mix of security 
    controls needed to protect specific data and systems. The selection of 
    controls shall take into account procedures required under applicable 
    laws and regulations.
        Optional tools and techniques for implementation of security and 
    authentication may be provided by ASC X12 and UN/ECE/WP.4 for use in 
    connection with their respective families of standards. Agencies may 
    utilize these tools and techniques, and/or they may utilize other 
    methods in systems supporting the EDI data interchange. Methods and 
    procedures implemented shall be consistent with applicable FIPS PUBS 
    and guidance documents issued in NIST.
        12. Waivers. Under certain exceptional circumstances, the heads of 
    Federal departments and agencies may approve waivers to Federal 
    Information Processing Standards (FIPS). The head of such agency may 
    redelegate such authority only to a senior official designated pursuant 
    to Section 3506(a) of Title 44, U.S. Code.
        Waivers shall be granted only when:
        a. Compliance with a standard would adversely affect the 
    accomplishment of the mission of an operator of a Federal computer 
    system, or
        b. Cause a major adverse affect the accomplishment of the mission 
    of an operator which is not offset by Government-wide savings.
        Agency heads may act upon a written waiver request containing the 
    information detailed above. Agency heads may also act without a written 
    waiver request when they determine that conditions for meeting the 
    standard cannot be met. Agency heads may approve waivers only by a 
    written decision which explains the basis on which the agency head made 
    the required finding(s). A copy of each such decision, with procurement 
    sensitive or classified portions clearly identified, shall be sent to: 
    National Institute of Standards and Technology; Attn: FIPS Waiver 
    Decisions, Technology Building, Room B-154; Gaithersburg, MD 20899.
        In addition, notice of each waiver granted and each delegation of 
    authority to approve waivers shall be sent promptly to the Committee on 
    Government Reform and Oversight of the House of Representatives and the 
    Committee on Governmental Affairs of the Senate and shall be published 
    promptly in the Federal Register.
        When the determination on a waiver applies to the procurement of 
    equipment and/or services, a notice of the waiver determination must be 
    published in the Commerce Business Daily as part of the notice of 
    solicitation for offers of an acquisition or, if the waiver 
    determination is made after that notice is published, by amendment to 
    such notice.
        A copy of the waiver, any supporting documents, the document 
    approving the waiver and any supporting and accompanying documents, 
    with such deletions as the agency is authorized and decides to make 
    under 5 U.S.C. Sec. 552(b), shall be part of the procurement 
    documentation and retained by the agency.
    
    [[Page 25632]]
    
        13. Where to Obtain Copies of NIST Publications. Copies of this 
    publication and NIST publications referenced in Section 6 are for sale 
    by the National Technical Information Service (NTIS), U.S. Department 
    of Commerce, Springfield, VA 22161; phone (703) 487-4650. When ordering 
    this publication, refer to Federal Information Processing Standards 
    Publication 161-2 (FIPSPUB161-2), and title. Payment may be made by 
    check, money order, or NTIS deposit account.
    
    [FR Doc. 96-12748 Filed 5-21-96; 8:45 am]
    BILLING CODE 3510-CN-M
    
    

Document Information

Effective Date:
9/30/1991
Published:
05/22/1996
Department:
National Institute of Standards and Technology
Entry Type:
Notice
Action:
Notice.
Document Number:
96-12748
Dates:
FIPS PUB 161 was effective September 30, 1991.
Pages:
25627-25632 (6 pages)
Docket Numbers:
Docket No. 950314073-6067-02
RINs:
0693-ZA07
PDF File:
96-12748.pdf