Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

FIPS General Information

The National Institute of Standards and Technology (NIST) develops FIPS publications when required by statute and/or there are compelling federal government requirements for cybersecurity. FIPS publications are issued by NIST after approval by the Secretary of Commerce, pursuant to the Section 5131 of the Information Technology Management Reform Act of 1996 (Public Law 104-106), and the Computer Security Act of 1987 (Public Law 100-235). 

Applicability 

The Federal Information Security Management Act (FISMA) of 2002 (as amended by the Federal Information Security Modernization Act (FISMA) of 2014) does not include a statutory provision allowing federal agencies to waive the provisions of mandatory FIPS publications. Waivers approved by the heads of agencies had previously been allowed under the Computer Security Act, which was superseded by FISMA. Therefore, the waiver procedures included in several FIPS publications are no longer in effect.

The applicability sections of each FIPS publication should be reviewed to determine if the publication is mandatory for federal agency use. 

FIPS publications do not apply to national security systems (as defined in Title III, Information Security, of FISMA).

Non-Federal Use

FIPS publications may be adopted and used by non-federal government organizations and private sector organizations.

Implementation

An individual FIPS publication may use document conventions to state requirements, recommended options, or permissible actions within the publication (e.g., ‘shall,’ ‘should,’ or ‘may’). For example, a FIPS publication may use: “shall” statements to indicate what is necessary to correctly implement its requirements; “should” statements to indicate a recommendation; and “may” statements to indicate a permissible action.

Copyright

FIPS publications are not subject to copyright in the United States.  Attribution would, however, be appreciated by NIST.

Patents

In general, the use of an essential patent claim (one whose use would be required for compliance with the guidance or requirements of a FIPS publication) may be considered if technical reasons justify this approach. In such cases, a patent holder would have to agree to either a Royalty-Free (RF) or Royalty-Bearing (RB) license on terms which are Reasonable and Non-Discriminatory (RAND).  

Commercial Terms and Products

Any mention of commercial products within FIPS publications is for informational purposes only; it does not imply recommendation or endorsement by NIST. 

See Procedures for Developing FIPS (Federal Information Processing Standards) Publications

Created February 24, 2010, Updated May 21, 2018