www.nist.gov/itl/fips-general-information
NIST Menu
- Topics Expand or Collapse
- Advanced Communications
- Bioscience
- Buildings and Construction
- Chemistry
- Cybersecurity
- Electronics
- Energy
- Environment
- Fire
- Forensic Science
- Health
- Information technology
- Infrastructure
- Manufacturing
- Materials
- Mathematics and Statistics
- Metrology
- Nanotechnology
- Neutron research
- Performance Excellence
- Physics
- Public safety
- Resilience
- Standards
- Transportation
- Publications
- Labs & Major Programs Expand or Collapse
- Services & Resources Expand or Collapse
- News & Events Expand or Collapse
- About NIST Expand or Collapse
Information Technology Laboratory
- itl Expand or Collapse
- About ITL Expand or Collapse
- How to Work With Us Expand or Collapse
- Publications Expand or Collapse
- Priority Areas Expand or Collapse
- Products and Services Expand or Collapse
- Biometric Special Databases and Software
- Color FERET Database
- Computer Security Resource Center
- Cybersecurity Framework
- EMNIST Dataset
- Healthcare - Standards & Testing
- NIST Digital Library of Mathematical Functions
- NIST/SEMATECH Engineering Statistics Handbook
- National Initiative for Cybersecurity Framework
- National Software Reference Library's RDS
- National Vulnerability Database
- Voting
- Events
- News & Updates
- NIST Industry Impacts of ITL Research
- Taking Measure Blogs on Information Technology
- Standards Activities
- Videos
Connect with us
FIPS General Information
Share
Facebook Google Plus TwitterThe National Institute of Standards and Technology (NIST) develops FIPS publications when required by statute and/or there are compelling federal government requirements for cybersecurity. FIPS publications are issued by NIST after approval by the Secretary of Commerce, pursuant to the Section 5131 of the Information Technology Management Reform Act of 1996 (Public Law 104-106), and the Computer Security Act of 1987 (Public Law 100-235).
Applicability
The Federal Information Security Management Act (FISMA) of 2002 (as amended by the Federal Information Security Modernization Act (FISMA) of 2014) does not include a statutory provision allowing federal agencies to waive the provisions of mandatory FIPS publications. Waivers approved by the heads of agencies had previously been allowed under the Computer Security Act, which was superseded by FISMA. Therefore, the waiver procedures included in several FIPS publications are no longer in effect.
The applicability sections of each FIPS publication should be reviewed to determine if the publication is mandatory for federal agency use.
FIPS publications do not apply to national security systems (as defined in Title III, Information Security, of FISMA).
Non-Federal Use
FIPS publications may be adopted and used by non-federal government organizations and private sector organizations.
Implementation
An individual FIPS publication may use document conventions to state requirements, recommended options, or permissible actions within the publication (e.g., ‘shall,’ ‘should,’ or ‘may’). For example, a FIPS publication may use: “shall” statements to indicate what is necessary to correctly implement its requirements; “should” statements to indicate a recommendation; and “may” statements to indicate a permissible action.
Copyright
FIPS publications are not subject to copyright in the United States. Attribution would, however, be appreciated by NIST.
Patents
In general, the use of an essential patent claim (one whose use would be required for compliance with the guidance or requirements of a FIPS publication) may be considered if technical reasons justify this approach. In such cases, a patent holder would have to agree to either a Royalty-Free (RF) or Royalty-Bearing (RB) license on terms which are Reasonable and Non-Discriminatory (RAND).
Commercial Terms and Products
Any mention of commercial products within FIPS publications is for informational purposes only; it does not imply recommendation or endorsement by NIST.