22. What is FIPS and why are information security policies so important for compliance?

FIPS, formally the “Federal Information Processing Standard(s)”, are publicly announced standards documents developed by the U.S. government and issued by NIST, the National Institute of Standards and Technology. NIST is a "measurement standards laboratory", a non-regulatory agency within the United States Department of Commerce that has become well-known in recent years for its SP 800 series of publications. As for the FIPS publications, they are, according to nist.gov, “…official publications relating to standards and guidelines adopted and promulgated under the provisions of the Federal Information Security Management Act (FISMA) of 2002.”

Additionally, there are a fair number of FIPS publications (though not nearly as many as the NIST SP 800 publications), and several of them are quite well-known, such as the following:

  • FIPS 199
  • FIPS 200
  • FIPS 140

Many FIPS publications are essentially modified versions of standards developed by other technical communities and associations, such as ANSI, IEEE, and ISO, to name a select few. What’s important to note is that compliance with FIPS standards is a requirement for many federal agencies, along with contractors providing services to the U.S. government. Remember that FIPS, along with the SP 800 publications, are a vital component of FISMA compliance.

Documented Policies and Procedures for FISMA Compliance

Because of the strict requirements for having documented policies and procedures in place for FISMA compliance - along with other notable frameworks that rely on both FIPS and SP 800 publications - what organizations need is the FLANK21 set of operational, business-specific, and information security documents offered by FLANK. The FLANK21 set of policies, procedures, forms, checklists, templates, provisioning and hardening documents - and more - has been developed by industry-leading technology and compliance experts with years of real-world experience. Additionally, when purchasing and downloading from FLANK, you'll receive literally hundreds of well-written, high-quality, industry-leading documents to assist with all your compliance needs.

So what’s the difference between FIPS publications and SP 800 publications? Good question, because we get asked that all the time. They are both part of the NIST family of publications, which includes well over 300 information security documents. While FIPS are a series of publications relating specifically to guidelines and standards, SP 800 publications are the product of industry, government, and academia working together in a collaborative effort to publish guidelines, findings, and recommendations. What's important to note is that both form a fundamental component of FISMA compliance, along with other federally mandated requirements regarding information security.

FISMA, NIST, FIPS Policy and Procedures Documents and Consulting Services

Remember not to overlook the large number of documented policies and procedures needed for FISMA compliance; the FLANK21 set of documentation from FLANK is a great place to start. We also offer FISMA, NIST, and FIPS consulting services. Learn more about FISMA, NIST, and FIPS at http://csrc.nist.gov/publications/CSD_DocsGuide.pdf