[Federal Register Volume 60, Number 63 (Monday, April 3, 1995)]
[Notices]
[Pages 16854-16857]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 95-8068]



-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE
[Docket No. 950314073-5073-01]
RIN 0693-AB41


Proposed Revision of Federal Information Processing Standard 
(FIPS) 161-1, Electronic Data Interchange (EDI)

AGENCY: National Institute of Standards and Technology (NIST), 
Commerce.

ACTION: Notice; request for comments.

-----------------------------------------------------------------------

SUMMARY: A revision of Federal Information Processing Standard (FIPS) 
161-1, Electronic Data Interchange, is being proposed. The revision 
reflects changes in the development of voluntary industry standards for 
Electronic Data Interchange (EDI), including the planned alignment of 
the X12 and UN/EDIFACT families of standards, and provides updated 
guidance to Federal agencies in the selection of EDI standards. The 
revision also establishes a Federal EDI Standards Management Committee 
to harmonize the development of EDI transaction set and message 
standards among Federal agencies, and the setting of government-wide 
implementation conventions for EDI applications used by Federal 
agencies.
    The purpose of this notice is to solicit views from the public, 
manufacturers, and Federal, state, local government, and private users 
prior to submission of this proposed revision to the Secretary of 
Commerce for review and approval.
    The proposed revision consists of the following announcement, which 
provides information concerning the applicability, implementation, and 
maintenance of the standard. Interested parties may obtain copies of 
documents defining the EDI standards from Data Interchange Standards 
Association, Inc. (DISA), 1800 Diagonal Road, Suite 200, Alexandria, VA 
22314-2852, telephone (703) 548-7005.

DATES: Comments on this proposed revision must be received on or before 
July 3, 1995.

ADDRESSES: Written comments concerning the proposed revision should be 
sent to: Director, Computer Systems Laboratory, ATTN: Proposed Revision 
of FIPS 161-1, Technology Building, Room B-154, National Institute of 
Standards and Technology, Gaithersburg, MD 20899.
    Written comments received in response to this notice will be made 
part of the public record and will be made available for inspection and 
copying in the Central Reference and Records Inspection Facility, Room 
6020, Herbert C. Hoover Building, 14th Street between Pennsylvania and 
Constitution Avenues, NW, Washington, DC 20230.

FOR FURTHER INFORMATION CONTACT:
Mr. Roy Saltman, Computer Systems Laboratory, National Institute of 
Standards and Technology, Gaithersburg, MD 20899, telephone (301) 975-
3376.

EXECUTIVE ORDER 12866: This FIPS notice has been determined to be ``not 
significant'' for purposes of E.O. 12866.

    Dated: March 28, 1995.
Samuel Kramer,
Associate Director.
Proposed Federal Information Processing Standards Publication 161-2; 
Draft 1995 February 16; Draft Announcing the Standard for Electronic 
Data Interchange (EDI)

    Federal Information Processing Standards Publications (FIPS PUBS) 
are issued by the National Institute of Standards and Technology (NIST) 
after approval by the Secretary of Commerce pursuant to section 111(d) 
of the Federal Property and Administrative Services Act of 1949 as 
amended by the Computer Security Act of 1987, Pub. L. 100-235.
    1. Name of Standard. Electronic Data Interchange (EDI) (FIPS PUB 
161-2).
    2. Category of Standard. Software Standard, Electronic Data 
Interchange.
    3. Explanation. EDI is the computer-to-computer transmission of 
strictly formatted messages that represent documents; EDI is an 
essential component of electronic commerce (EC). EC is the use of 
documents in electronic form, rather than paper, for carrying out 
functions of business or government that require interchanges between 
organizations of information, obligations, or monetary value.
    This publication adopts, as a Federal Information Processing 
Standard, recognized national and international standards for EDI. In 
EDI, data that would be traditionally conveyed on paper documents are 
transmitted or communicated electronically according to established 
rules and formats. The data that are associated with each type of 
functional document, such as a purchase order or invoice, are 
transmitted together as an electronic message. The formatted data may 
be transmitted from originator to recipient via telecommunications or 
physically transported on electronic storage media.
    EDI typically implies a sequence of messages between two parties, 
for example, buyer and seller, either of whom may serve as originator 
or recipient. Messages from buyer to seller could include, for example, 
the data necessary for request for quotation (RFQ), purchase order, 
receiving advice, and payment advice; messages from seller to buyer 
could include similarly the data for response to RFQ, purchase order 
acknowledgment, shipping notice, and invoice. EDI is being used also 
for an increasingly diverse set of concerns, for example, for 
interchanges between healthcare providers and insurers, and for 
governmental regulatory, tax, and statistical reporting.
    Implementation of EDI requires the use of a family of interrelated 
standards. The family must include standards for types of messages 
(also called ``transaction sets''), and for transmission envelopes, 
data elements, and short sequences of data elements called data 
segments. A message or transaction set standard defines the sequence of 
data segments that constitute that message or transaction set. The data 
segment directory lists all data segments, and defines the identifier 
and sequence of data elements constituting each. The data element 
directory (also called a ``dictionary'') provides specifications of all 
data elements. Transmission envelopes provide control information about 
the included messages to the carrying and receiving systems.
    The standardization of message formats, and of data segments and 
elements within the messages, makes possible the assembling, 
disassembling, and processing of the messages by computer.
    This FIPS PUB adopts, with specific conditions, the families of 
standards known as X12 and UN/EDIFACT. This FIPS PUB does not mandate 
the implementation of EDI systems within the Federal Government; rather 
it requires the use of X12 or UN/EDIFACT, subject to the conditions 
specified below, when Federal departments or agencies implement EDI 
systems. The X12 and UN/EDIFACT standards were originally developed 
respectively by Accredited Standards Committee X12 on Electronic Data 
Interchange (ASC X12), accredited by the American National Standards 
Institute (ANSI), and by the United Nations (UN) Economic Commission 
for Europe--Working Party (Four) on Facilitation of International Trade 
Procedures (UN/ECE/WP.4). Technical input from the United States in the 
development of UN/EDIFACT at the UN is through the Pan American EDIFACT 
Board (PAEB). The PAEB is separate from ASC X12, and it serves as the 
coordinating body for national [[Page 16855]] standards organizations 
of North, Central, and South America.
    FIPS PUB 161-2 supersedes FIPS PUB 161-1 in its entirety. FIPS PUB 
161-2 contains editorial changes, updated references to documents and 
organizations, and updated guidance to agencies on the selection of X12 
and UN/EDIFACT standards and implementation conventions. This guidance 
is based on recent voluntary industry standards activities and on the 
Federal Government initiative that commenced with the Presidential 
Memorandum of October 26, 1993 entitled ``Streamlining Procurement 
Through Electronic Commerce.''
    4. Approving Authority. Secretary of Commerce.
    5. Maintenance Agency. U.S. Department of Commerce, National 
Institute of Standards and Technology (NIST), Computer Systems 
Laboratory.
    6. Cross Index and Related Documents.
    6.1. Cross Index.

--FIPS PUB 113, Computer Data Authentication, May 1985.
--FIPS PUB 46-2, Data Encryption Standard, December 1993.
--FIPS PUB 186, Digital Signature Standard (DSS), May 1994.
--FIPS PUB 146-2, Profiles for Open Systems Internetworking 
Technologies, expected approval 1995.
--FIPS PUB 180-1, Secure Hash Standard, expected approval 1995.

    6.2. Related Documents.

--NIST Special Publication 500-224, Stable Implementation Agreements 
for Open Systems Interconnection Protocols, Version 8, Edition 1, March 
1995.
--NIST Special Publication 800-9, Good Security Practices for 
Electronic Commerce, Including Electronic Data Interchange, December 
1993.
--ASC X12W/94-710, ASC X12 Plan for Technical Migration To And 
Administrative Alignment With UN/EDIFACT, approved by ASC X12 on 
January 13, 1995 and modified at the ASC X12 plenary meeting, February 
6, 1995.
--NISTIR xxxx, Charter for Federal EDI Standards Management Committee, 
expected 1995.

    6.3. Sources of Documents. For the source of cited NIST 
publications, including FIPS PUBS, see Section 13. For the source of 
X12 and UN/EDIFACT documents, see Subsection 10.1.
    7. Objectives. The primary objectives of this standard are:
    a. To promote the achievement of the benefits of EDI: reduced 
paperwork, fewer transcription errors, faster response time for 
procurement and customer needs, reduced inventory requirements, and 
more timely payment of vendors;
    b. To ease the interchange of data sent via EDI by the use of 
standards for data formats and transmission envelopes;
    c. To minimize the cost of EDI implementation by preventing 
duplication of effort.
    8. Applicability.
    8.1. Conditions of Application. EDI may be employed with any type 
of operational data representable as a sequence of data elements that 
is needed to be transmitted or received on a repetitive basis by a 
Federal agency in the course of its activities. This standard is 
applicable to the interchange of such data on a particular subject, 
between a Federal agency and another organization (which may be another 
Federal agency), if (1) the data are to be transmitted electronically 
using EDI, and (2) X12 transaction sets or UN/EDIFACT messages meeting 
the data requirements of the Federal agency for the subject of the 
interchange have been developed and approved, and are acceptable for 
use under the conditions set forth in this FIPS PUB.
    8.2. Subject Matter. Examples of applications (not necessarily the 
subject of current standards) are:
    a. Vendor search and selection: Price/sales catalogs, bids, 
proposals, requests for quotations, notices of contract solicitation, 
debarment data, trading partner profiles;
    b. Contract award: Notices of award, purchase orders, purchase 
order acknowledgments, purchase order changes;
    c. Product data: Specifications, manufacturing instructions, 
reports of test results, safety data;
    d. Shipping, forwarding, and receiving: Shipping manifests, bills 
of lading, shipping status reports, receiving reports;
    e. Customs: Release information; manifest update;
    f. Payment information: Invoices, remittance advices, payment 
status inquiries, payment acknowledgments;
    g. Inventory control: Stock level reports, resupply requests, 
warehouse activity reports;
    h. Maintenance: Service schedules and activity, warranty data;
    i. Tax-related data: Tax information and filings;
    j. Insurance-related data: Health care claim; mortgage insurance 
application;
    k. Other government activities: Communications license application; 
hazardous waste report; court conviction record.
    9. Federal EDI Standards Development and Coordination.
    9.1. Federal EDI Standards Management Committee. There is 
established a Federal EDI Standards Management Committee (FESMC). The 
goal of the FESMC is to assure a single Government face to industry, 
consistency among instances of an application across agencies, 
streamlined data, and coordinated Government representation at 
standards bodies. Functions of the committee include harmonization of 
development of EDI transaction set and message standards among Federal 
agencies, and the setting of Government-wide implementation conventions 
for each EDI application used by Federal agencies. Workgroups in 
subject areas such as finance, procurement, and transportation will be 
established under FESMC. Membership on the committee shall be from 
Federal agencies using or planning to use EDI; selection of the chair 
of the committee shall be approved by the Office of Management and 
Budget.
    9.2. Agency Responsibilities.
    9.2.1. Agencies already employing X12 or UN/EDIFACT standards or 
draft standards approved under this FIPS PUB shall submit their 
implementations to FESMC for coordination.
    9.2.2. For the case in which X12 or UN/EDIFACT documents are 
available or under development for a needed subject area but do not 
meet agency requirements, agencies shall submit their requirements to 
FESMC to coordinate need changes, and shall submit their requirements 
to ASC X12 by following procedures specified in ASC X12 Standing 
Document (SD) 2, Operations Manual, and SD 6, Operations Manual (UN/
EDIFACT Standards). These are available from Data Interchange Standards 
Association, Inc. (DISA) (see Subsection 10.1 for address and phone 
number).
    9.2.3. For the case in which a subject area for which an agency 
wishes to use EDI has not yet been considered for standardization, 
agencies shall submit their requirements for standardization to FESMC 
and to ASC X12, as described in Subsection 9.2.2. Proposed 
implementations shall maximize use of existing X12 and/or UN/EDIFACT 
standards or draft standards to the extent possible. Use of already 
approved documents should minimize the administrative work involved in 
new development and in standards maintenance.
    9.2.4. Agencies shall adopt the implementation conventions (ICs) 
established by FESMC. ICs shall be classified as Implementer's 
Agreements pursuant to this FIPS PUB, but are not themselves FIPS PUBS. 
Proposed ICs will be coordinated with industry. NIST 
[[Page 16856]] will publish ICs and maintain a registry of them.
    10. Specifications. Documents are available that define the 
standard X12 transaction sets and UN/EDIFACT messages as well as the 
foundation standards for both families. Developments are continuing in 
both families of standards.
    10.1 Source of Documents. Documents defining both the X12 and UN/
EDIFACT families of standards, as well as ASC X12 and PAEB operational 
and procedural documents, are available from DISA or from a contractor 
named by DISA. DISA serves as the secretariat for ASC X12 and the PAEB: 
its address and phone number are: Address: Data Interchange Standards 
Association, Inc., 1800 Diagonal Road--Suite 200, Alexandria, VA 22314-
2852, Phone: (703) 548-7005.
    A list of available publications, as well as descriptive material, 
prices and ordering procedures, may be found in the most recent DISA 
Publications Catalog.
    10.2. ASC X12 Documents.
    10.2.1. X12 standards are published periodically with revisions and 
updates, and standards included in a publication may have one of two 
possible statuses:
    (1) Draft Standards for Trial Use (DSTUs); these are fully approved 
by ASC X12, and are typically published as ``releases'' at one-year 
intervals. DSTU Version 3, Release 4, identified as 003040, was 
published in December 1993; Version 3, Release 5, identified as 003050, 
was published in December 1994. Two interim subreleases also are 
published annually. The 1994 subreleases were identified as 003041 and 
003042.
    (2) American National Standards (ANSs); these are fully approved by 
ASC X12 and by ANSI, and are typically published as ``versions'' at 
intervals of three to five years. ANS Version 3, published in March 
1992, is functionally equivalent to DSTU Version 2, Release 4. It is 
expected that ANS Version 4, planned for 1997, will be functionally 
equivalent to DSTU Version 3, Release 7, identified as 003070.
    10.2.2. A particular X12 standard is one of three types; it may be 
a ``control and foundation standard,'' it may be a ``transaction set'' 
(which uses X12 syntax), or it may be an EDIFACT-syntax ``message.''
    10.2.3. Control and foundation standards currently include the 
following:

Data Element Dictionary X12.3
Interchange Control Structure X12.5
Application Control Structure X12.6
Segment Directory X12.22
Interconnect Mailbag Control Structures X12.56
Security Structures X12.58
Implementation of EDI Structures--Semantic Impact X12.59
    Standards X12.5 and X12.6 define the X12 syntax.
    10.2.4. DSTU Version 3 Release 5 includes 225 transaction set 
standards and two EDIFACT-syntax message standards.
    10.3 UN/EDIFACT Documents.
    10.3.1. Un/EDIFACT standards are published periodically with 
revisions and updates, and standards included in a publication may have 
one of two possible statuses:
    (1) Status 1, approved for trial use. A set of status 1 messages 
and directories is typically published yearly. The most recent set, 
identified as UN/EDIFACT Draft Messages and Directories, Version D94.B, 
was published in October 1994.
    (2) Status 2, fully approved by UN/ECE/WP.4. These may be referred 
to as the UN Trade Data Interchange Directory (UNTDID).
    Version S93.A was approved in March 1994, and Version S95.A is 
expected in September 1995.
    10.3.2. The D94.B Status 1 Draft Messages and Directories include 
the following:

Uniform Rules of Conduct for Interchange of Trade Data by 
Teletransmission (UNCID);
UN/EDIFACT Terminology;
United National Rules for EDIFACT
United Nationals Directories for EDIFACT
75 Messages of Status 1

    The United Nations Rules for EDIFACT include sections on 
establishment of United Nations standard message types (UNSMs), syntax 
rules (see Subsection 10.3.4), syntax implementation guidelines, 
message design guidelines, and general introduction for UNSM 
descriptions. The United Nations Directories for EDIFACT include the 
standard message type directory, message, frameworks, segment 
directory, composite data element directory, data element directory, 
and code lists.
    10.3.3. The S93.A Status 2 Messages and Directories (UNTDID) 
includes the same types of information provided in D94.B, excepting 
that approved messages of Status 2 instead of Status 1 are listed. 
Forty-two messages of Status 2 are specified.
    10.3.4. A foundation standard used in UN/EDIFACT is approved by the 
International Organization for Standardization (ISO); it is entitled 
ISO 9735--UN/EDIFACT Application Level Syntax Rules. There are several 
versions: Version 1 (1988), Version 2 (1990), and Version 3 (Version 2 
with Amendment 1 of December, 1992). Version 3 is included in D94.B. 
Version 4 is expected in March, 1995.
    11. Implementation.
    11.1 Schedule for Adoption. FIPS PUB 161 was effective on September 
30, 1991. Federal agencies that are not using EDI for subject matter 
for which X12 or UN/EDIFACT standards have been approved and issued 
shall utilize only those standards in EDI systems that they procure or 
develop, subject to the qualifications of Subsections 11.3, 11.4 and 
11.5. Agencies already using those standards continue to do so. 
Agencies that were using industry-specific standards for EDI on 
September 30, 1991 shall be governed by Subsection 11.6.
    11.2. Acceptance of UN/EDIFACT. In January 1995, ASC X12, by a vote 
of its membership, approved the ASC X12 Plan for Technical Migration To 
And Administrative Alignment with UN/EDIFACT. This plan was modified at 
the February 1995 plenary meeting of ASC X12. Key features of the 
modified Alignment Plan are:
    (1) Draft standards based on X12 syntax or on UN/EDIFACT syntax may 
be submitted by ASC X12 for processing as ANSs.
    (2) X12 Release 003070 shall form the basis of Version 4 of draft 
proposed X12 American National Standards (ANSs).
    (3) After the release of Version 4, ASC X12 shall continue for a 
period of time, in accordance with the plan, to develop, maintain, 
approve and publish X12-syntax transaction sets and supporting 
documents.
    (4) An ASC X12 ballot shall be conducted in 1998 to determine if 
X12-syntax transaction set development should be terminated. If the 
ballot for termination is not approved, a three-year repeating cycle 
shall occur thereafter, until no new x12-syntax transaction sets are 
being developed.
    11.3. Selection of X12 or UN/EDIFACT. X12 and UN/EDIFACT are 
separate although similar, families of standards. The existence of one 
does not preclude the other, and equivalent functionality may be 
obtained in either system. Software that assembles and disassembles 
messages and transaction sets called translation software, is available 
for both systems, often in the same package.
    In selecting a family of standards, agencies should attempt to 
maximize economy and efficiency and to minimize the costs imposed on 
U.S. businesses. [[Page 16857]] 
    11.3.1. For domestic interchanges, agencies may use, at this time, 
standards employing either X12 or UN/EDIFACT syntax or both. Selection 
of syntax for an interchange shall take into account the prevailing 
syntax used in the industry of the interchange partner. However, 
standards using UN/EDIFACT syntax shall be employed for new or 
significantly upgraded interchanges in the absence of demonstrably 
higher costs, or at the request of interchange partners providing a 
significant fraction of interchange traffic. Continued long-term use 
and maintenance of dual standards is unacceptably inefficient.
    11.3.2. For internal interchanges, migration to standards using UN/
EDIFACT syntax shall commence at this time if that syntax is not 
currently being used. A timetable for conversion to UN/EDIFACT of 
existing international implementations shall be set as applicable 
standards and software becomes available. New or significantly upgraded 
interchanges shall employ only standards using UN/EDIFACT syntax.
    11.4. Use of Draft Standards. Both X12-syntax and EDIFACT-syntax 
standards approved and published by ASC X12, if not approved at a 
higher level are designated DSTUs for purposes of this FIPS PUB. 
Federal agencies shall use only the following two type of standards for 
EDI implementations: (1) Draft standards, i.e., UN/EDIFACT Status 1 
standards or STUs from ASC X12, or (2) full standards, i.e., UN/EDIFACT 
Status 2 standards or ANSs submitted by ASC X12. Industry practice is 
to use draft standards; these represent the latest consensus and are 
available sooner than the corresponding full standards. Consequently, 
draft standards are preferred for use over full standards.
    11.5. Age-Limitations on Acceptable Standards. Agencies, in their 
agreements with interchange partners, may not use any version of an 
acceptable standard specified in Subsections 11.3 and 11.4 that is more 
than four years old, unless it is the most recent version. Any version 
of an ISO standard may be used, e.g., ISO 9735, subject to the same 
age-limitation.
    11.6. Continued Use of EDI Industry Standards. Federal agencies 
using industry-specific EDI standards on September 30, 1991 may 
continue to use those standards for five years from that date. However, 
such agencies shall, without delay, submit their standardization 
requirements as indicated in Subsections 9.2.2 and 9.2.3. Industry-
specific EDI standards may be used beyond five years only if no 
equivalent X12 or UN/EDIFACT standards, as appropriate, have been 
approved and issued by September 30, 1995. If an equivalent X12 DSTU or 
UN/EDIFACT Status 1 standard, as appropriate, is approved and issued 
after September 30, 1995, Federal agencies using an industry-specific 
standard shall have one year to convert, following the first 
publication of the approved standard. Implementation shall be 
consistent with the requirements of Subsections 11.3 and 11.4.
    11.7. Security and Authentication. Agencies shall employ risk 
management techniques to determine the appropriate mix of security 
controls needed to protect specific data and systems. The selection of 
controls shall take into account procedures required under applicable 
laws and regulations.
    Optional tools and techniques for implementation of security and 
authentication may be provided by ASC X12 and UN/ECE/WP.4 for use in 
connection with their respective families of standards. Agencies may 
utilize these tools and techniques, and/or they may utilize other 
methods in systems supporting the EDI data interchange. Methods and 
procedures implemented shall be consistent with applicable FIPS PUBS 
and guidance documents issued by NIST.
    12. Waivers. Under certain exceptional circumstances, the heads of 
Federal departments and agencies may approve waivers to Federal 
Information Processing Standards (FIPS). The head of such agency may 
redelegate such authority only to a senior official designated pursuant 
to section 3506(b) of Title 44, U.S.Code.
    Waivers shall be granted only when:
    a. Compliance with a standard would adversely affect the 
accomplishment of the mission of an operator of a Federal computer 
system, or
    b. Cause a major adverse financial impact on the operator which is 
not offset by Governmentwide savings.
    Agency heads may act upon a written waiver request containing the 
information detailed above. Agency heads may also act without a written 
waiver request when they determine that conditions for meeting the 
standard cannot be met. Agency heads may approve waivers only by a 
written decision which explains the basis on which the agency head made 
the required finding(s). A copy of each such decision, with procurement 
sensitive or classified portions clearly identified, shall be sent to: 
National Institute of Standards and Technology; Attn: FIPS Waiver 
Decisions, Technology Building, Room B-154; Gaithersburg, MD 20899.
    In addition, notice of each waiver granted and each delegation of 
authority to approve waivers shall be sent promptly to the Committee on 
Government Reform and Oversight of the House of Representatives and the 
Committee on Governmental Affairs of the Senate and shall be published 
promptly in the Federal Register.
    When the determination on a waiver applies to the procurement of 
equipment and/or services, a notice of the waiver determination must be 
published in the Commerce Business Daily as part of the notice of 
solicitation for officers of an acquisition or, if the waiver 
determination is made after that notice is published, by amendment to 
such notice.
    A copy of the waiver, any supporting documents, the document 
approving the waiver and any supporting and accompanying documents, 
with such deletions as the agency is authorized and decides to make 
under 5 U.S.C. sec. 552(b), shall be part of the procurement 
documentation and retained by the agency.
    13. Where to Obtain Copies of NIST Publications. Copies of this 
publication and NIST publications referenced in Section 6 are for sale 
by the National Technical Information Service (NTIS), U.S. Department 
of Commerce, Springfield, VA 22161; phone (703) 487-4650. When ordering 
this publication, refer to Federal Information Processing Standards 
Publication 161-2 (FIPSPUB161-2), the title. Payment may be made by 
check, money, or NTIS deposit account.

[FR Doc. 95-8068 Filed 3-31-95; 8:45 am]
BILLING CODE 3510-CN-M