STANDARDS FOR OPEN SYSTEMS: MORE FLEXIBILITY FOR FEDERAL USERS Communications networks are essential to the federal government's plans for using information technology to improve the effectiveness of agency programs and to provide better services to citizens. Government initiatives for streamlined procurement practices and easy access to government information rely on the interoperability and openness of different computers and communications systems. Today a wide variety of computers and communications technologies are being used by organizations to carry out their programs. Mainframe computers, local area networks, workstations, personal computers, proprietary and standards-based networking services and protocols often operate in isolated applications. Not all of today's products are interoperable, and it is not always easy to transmit information across different systems and applications. Open and interoperable systems underlie the federal government's goal for a modern information infrastructure. The Information Infrastructure Task Force (IITF), an interagency group that develops and implements policies and initiatives concerning the National Information Infrastructure (NII), envisions that this infrastructure will be a "network of networks" that is "open," interactive, and user-driven. To succeed in integrating information technology into the business of government, agencies have to choose strategies that will support their current diverse systems and missions, that are cost-effective, and that will provide for future systems. This bulletin provides information on recent changes to Federal Information Processing Standards (FIPS) for data communications protocols that enable computer systems to communicate with other systems in an open environment. Background During the past year, we completed a review of the government's requirements for the interoperability and openness of its networks. The Federal Internetworking Requirements Panel, which was established by NIST to study issues and recommend actions on the use of networking standards by the federal government, issued its final report in 1994. The Panel focused on the problems faced by federal agencies in implementing FIPS 146, Government Open Systems Interconnection Profile (GOSIP), when acquiring and using networks. Issued in 1986, GOSIP was developed by an interagency group composed of representatives of more than 20 agencies that had requirements for a set of common data communication protocols based on the International Organization for Standardization's seven-layer Open Systems Interconnection (OSI) Basic Reference Model. Agencies participating in the development of GOSIP included the Departments of Agriculture, Commerce, Defense, Energy, Health and Human Services, Housing and Urban Development, Interior, Justice, Labor, Transportation, Treasury, NASA, OMB, and others. Agreements reached at the NIST Workshop for Implementors of Open Systems Interconnection (now the Open Systems Environments Implementors' Workshop [OIW]) were an important part of GOSIP. Both government and industry users and the providers of open systems contributed to the development of these agreements which defined common ways to interpret and implement the OSI standards. Beginning in 1990, the use of GOSIP protocols was required when agencies acquired computer network products and services and communications systems or services that provided certain functionality: electronic mail, file transfer, interoperability among standard local area networking technologies, and remote terminal access capabilities. Network Diversity The Federal Internetworking Requirements Panel pointed out that "(w)hen GOSIP was originally conceived in the mid-1980s, OSI products were beginning to appear, vendors were developing (and promising to develop) more products, and governments and industries around the world were establishing plans and programs to adopt the OSI standards as the basis of their interworking." OSI protocols were expected to displace another suite of standard data communications, the Internet Protocol Suite (IPS), which are developed by the Internet Engineering Task Force of the Internet Society in a less formal process than that used by international standards groups. The Panel said that "IPS products, on the other hand, were limited in the mid-1980s, and several major vendors of computer and networking equipment were still in a 'wait and see' mode." Many marketplace changes have occurred since 1986 when GOSIP was issued. The Internet has evolved from a limited network for the research and defense community to a broad international service with many government and commercial users. Commercial hardware and software that conforms to the IPS standards is widely available. On the other hand, OSI products were slow in coming to the market. The Panel observed that agencies seldom bought OSI products, or may not have used or installed the OSI products that they did acquire as a result of the procurement mandate. While there were a few successful OSI applications, such as for electronic mail, these applications did not result in governmentwide interoperability. Agencies continued to use proprietary solutions or adopted the IPS standards. Both IPS and OSI provide many of the same capabilities: the interconnection of computers, local area, wide area, and other networks; the routing of information in packets or datagrams between networks; reliable data transmission; file transfers; remote log-in to a computer; and electronic mail. While the technologies for tying these different systems together are diverse, complex, and often incompatible, there are ways to use some OSI protocols over an IPS network. The Panel concluded that the OSI protocols alone are not sufficient in meeting the full range of government requirements for data internetworking, and that federal government agencies should have flexibility to select networking protocol standards based on factors such as interoperability needs, existing infrastructure, costs, the availability of marketplace products, and status of a protocol suite as a standard. New Policies Based on the Panel's recommendations, we have taken actions to modify FIPS 146, GOSIP, and FIPS 179, Government Network Management Profile (GNMP), which is based on OSI protocols and provides network management functions and services for GOSIP end systems and intermediate systems. In a Federal Register notice (Vol. 60, No. 93, May 15, 1995), NIST announced that the Secretary of Commerce had approved revisions to both standards. OSI protocols are no longer mandatory for use by federal agencies when they acquire networking products and services and communications systems and services. FIPS 146 has been renamed Profiles for Open Systems Internetworking Technologies (POSIT). The revised standards broaden options for agencies by enabling them to acquire and use a variety of networking products that implement open, voluntary standards. Such standards include those developed by the Internet Engineering Task Force (IETF), the International Telecommunications Union (ITU), and the International Organization for Standardization (ISO). Federal agencies are encouraged to select networking protocols that meet their interoperability needs, and that are supported in cost- effective, off-the-shelf commercial products. The Industry/ Government Open Systems Specification (IGOSS), issued as NIST Special Publication 500-217, updates the OSI protocols in the former GOSIP standard and may be used by federal agencies when they wish to acquire OSI protocols. Since interoperability is a key requirement for the effective use of information technology, agencies may wish to require that products that they acquire be tested for or required to demonstrate interoperability. The IGOSS Industry/Government Open Systems Specification Testing Framework (NISTIR 5438) describes a voluntary testing program for IGOSS protocols. Future Federal Requirements Government agencies have common information technology requirements and the need to share information electronically. Agencies and groups with common requirements have become known as affinity groups, some of which have already been identified in areas such as electronic commerce, electronic mail, access to information, and benefits transfers. These groups are actively working to implement the recommendations of the National Performance Review report on Reengineering Through Information Technology, which addressed the use of information technology to improve the delivery of government services. Their work is being coordinated by the Government Information Technology Services (GITS) Working Group under the IITF. The Panel observed that affinity groups could be active in the selection of future standards needed for interoperability and in the development of the infrastructure to support interoperability. A process for identifying future groups, their roles and responsibilities needs to be defined, according to the Panel. NIST Assistance NIST hosts workshops and conducts other support activities to assist users in addressing open systems requirements, preparing for the use of new technology, and identifying the international, national, industry and other open specifications that are available for building open systems frameworks, such as the government's Applications Portability Profile for the Open System Environment. NIST sponsors the semiannual Users' Forum on Application Portability Profile (APP) and Open System Environment (OSE) to exchange information and respond to NIST proposals regarding the evaluation and adoption of an integrated set of standards to support the APP and OSE. The quarterly Open Systems Environment Implementors' Workshop (OIW), co-sponsored by NIST and the Institute of Electrical and Electronics Engineers (IEEE) Computer Society, provides a public international technical forum for the timely development of implementation agreements based on emerging OSE standards. References NIST Special Publication 500-217, IGOSS-Industry/ Government Open Systems Specifications, Version 1, Gerard Mulvenna, Editor, May 1994. NISTIR 5438, Industry/Government Open Systems Specification Testing Framework, Version 1.0, Jean-Philippe Favreau, Editor, June 1994. "The National Information Infrastructure: Agenda for Action," Information Infrastructure Task Force, September 15, 1993. "Report of the Federal Internetworking Requirements Panel," prepared for NIST, May 1994. NIST Special Publication 500-210, Application Portability Profile--The Government's Open System Environment Profile OSE/1 Version 2.0, June 1993. "Reengineering Through Information Technology," Accompanying Report of the National Performance Review, Office of the Vice President, Washington, DC, September 1993.