This website does readability filtering of other pages. All styles, scripts, forms and ads are stripped. If you want your website excluded or have other feedback, use this form.

link

Jump to content

www.nist.gov/itl/fips-general-information

NIST Menu

Information Technology Laboratory

Connect with us

FIPS General Information

Share

Facebook Google Plus Twitter

The National Institute of Standards and Technology (NIST) develops FIPS publications when required by statute and/or there are compelling federal government requirements for cybersecurity. FIPS publications are issued by NIST after approval by the Secretary of Commerce, pursuant to the Section 5131 of the Information Technology Management Reform Act of 1996 (Public Law 104-106), and the Computer Security Act of 1987 (Public Law 100-235).

Applicability

The Federal Information Security Management Act (FISMA) of 2002 (as amended by the Federal Information Security Modernization Act (FISMA) of 2014) does not include a statutory provision allowing federal agencies to waive the provisions of mandatory FIPS publications. Waivers approved by the heads of agencies had previously been allowed under the Computer Security Act, which was superseded by FISMA. Therefore, the waiver procedures included in several FIPS publications are no longer in effect.

The applicability sections of each FIPS publication should be reviewed to determine if the publication is mandatory for federal agency use.

FIPS publications do not apply to national security systems (as defined in Title III, Information Security, of FISMA).

Non-Federal Use

FIPS publications may be adopted and used by non-federal government organizations and private sector organizations.

Implementation

An individual FIPS publication may use document conventions to state requirements, recommended options, or permissible actions within the publication (e.g., ‘shall,’ ‘should,’ or ‘may’). For example, a FIPS publication may use: “shall” statements to indicate what is necessary to correctly implement its requirements; “should” statements to indicate a recommendation; and “may” statements to indicate a permissible action.

Copyright

FIPS publications are not subject to copyright in the United States.  Attribution would, however, be appreciated by NIST.

Patents

In general, the use of an essential patent claim (one whose use would be required for compliance with the guidance or requirements of a FIPS publication) may be considered if technical reasons justify this approach. In such cases, a patent holder would have to agree to either a Royalty-Free (RF) or Royalty-Bearing (RB) license on terms which are Reasonable and Non-Discriminatory (RAND).

Commercial Terms and Products

Any mention of commercial products within FIPS publications is for informational purposes only; it does not imply recommendation or endorsement by NIST.

See Procedures for Developing FIPS (Federal Information Processing Standards) Publications

Federal information standards (FIPS)
Created February 24, 2010, Updated May 21, 2018