The National Institute of Standards and Technology (NIST) develops Federal Information Processing Standards (FIPS) publications to establish guidelines for federal information security management. These standards are mandatory for federal agencies and approved by the Secretary of Commerce. However, the Federal Information Security Modernization Act (FISMA) of 2014 does not allow federal agencies to waive mandatory FIPS requirements.
FIPS publications may be adopted by non-federal organizations and the private sector. The publications use specific document conventions to indicate requirements, recommendations, and permissible actions. For example, “shall” statements indicate necessary requirements, “should” statements indicate recommendations, and “may” statements indicate permissible actions.
FIPS publications are not subject to copyright in the United States, but attribution to NIST is appreciated. If an essential patent claim is required for compliance with a FIPS publication, a patent holder must agree to a Royalty-Free (RF) or Royalty-Bearing (RB) license on Reasonable and Non-Discriminatory (RAND) terms.
Source: https://www.nist.gov/itl/fips-general-information
Keywords: FIPS, NIST, Security, Standards, Patent
