22. What is FIPS and why are information security policies so important for compliance?
FIPS, short for “Federal Information Processing Standards”, are publicly announced standards documents developed by the U.S. government and ultimately issued by NIST, the National Institute of Standards and Technology. NIST is a "measurement standards laboratory", essentially a non-regulatory agency within the United States Department of Commerce, and it has become quite well-known in recent years for its SP 800 series publications. The FIPS publications are, according to nist.gov, “…official publications relating to standards and guidelines adopted and promulgated under the provisions of the Federal Information Security Management Act (FISMA) of 2002.”
Additionally, there are a fair number of FIPS publications (though not nearly as many as the NIST SP 800 publications), with a number of them being quite well-known, such as the following:
- FIPS 199
- FIPS 200
- FIPS 140
Many FIPS publications are essentially modified standards developed by other technical communities and associations, such as ANSI, IEEE, and ISO, just to name a select few. But what’s important to note is that compliance with FIPS standards is a requirement for many federal agencies along with contractors providing services to the U.S. government. Remember that FIPS, along with the SP 800 publications, are a vital component of FISMA compliance.
Documented Policies and Procedures for FISMA Compliance | Download Them Today
Because FISMA compliance, along with other notable frameworks that rely on both FIPS and SP 800 publications, carries strict requirements for documented policies and procedures, what organizations need is the Global Information Security Compliance Packet (GISCP) set of operational, business-specific, and information security documents offered by Flat Iron Technologies, LLC. The GISCP set of policies, procedures, forms, checklists, templates, provisioning and hardening documents, and more has been developed by industry-leading technology and compliance experts with years of real-world experience. Additionally, when purchasing and downloading from Flat Iron Technologies, LLC, you'll receive literally hundreds of well-written, high-quality, industry-leading documents for assisting with all your compliance needs.
So what’s the difference between FIPS publications and SP 800 publications? Good question, because we get asked that all the time. They are both part of the NIST family of publications, which includes well over 300 various information security documents. While FIPS are a series of publications relating specifically to guidelines and standards, SP 800 publications are the product of industry, government, and academia working together in a collaborative effort to publish guidelines, findings, and recommendations. But what's important to note is that they both form a fundamental component of FISMA compliance, along with other federally mandated requirements regarding information security.
FISMA, NIST, FIPS Policy and Procedures Documents and Consulting Services
Remember not to overlook the endless number of documented policies and procedures needed for FISMA compliance; the Global Information Security Compliance Packet (GISCP) set of documentation from Flat Iron Technologies, LLC is a great place to start. We also offer FISMA, NIST, and FIPS consulting services. Learn more about FISMA, NIST, and FIPS at http://csrc.nist.gov/publications/CSD_DocsGuide.pdf