
NIST (The National Institute of Standards and Technology)

What is it?

NIST is a key resource for technological advancement and security at many of the country’s most innovative organizations. As such, compliance with NIST standards and guidelines has become a top priority in many high-tech industries today.


How does it work?

The National Institute of Standards and Technology is a non-regulatory government agency that develops technology, metrics, and standards to drive innovation and economic competitiveness at U.S.-based organizations in the science and technology industry. As part of this effort, NIST produces standards and guidelines to help federal agencies meet the requirements of the Federal Information Security Management Act (FISMA). NIST also assists those agencies in protecting their information and information systems through cost-effective programs.

Specifically, NIST develops Federal Information Processing Standards (FIPS) in accordance with FISMA. The Secretary of Commerce approves FIPS, and federal agencies must comply with them; agencies may not waive the use of the standards. NIST also provides guidance documents and recommendations through its Special Publications (SP) 800-series. Office of Management and Budget (OMB) policies require agencies to comply with NIST guidance, unless they are national security programs and systems.

NIST Compliance At A Glance

Generally speaking, NIST guidance provides the set of standards for recommended security controls for information systems at federal agencies. These standards are endorsed by the government, and companies comply with them because they encompass security best-practice controls across a range of industries; the NIST Cybersecurity Framework is one widely adopted example. NIST standards are based on best practices from several security documents, organizations, and publications, and are designed as a framework for federal agencies and programs requiring stringent security measures.

In many cases, complying with NIST guidelines and recommendations will help federal agencies ensure compliance with other regulations, such as HIPAA, FISMA, or SOX. NIST guidelines are often developed to help agencies meet specific regulatory compliance requirements. For example, NIST has outlined nine steps toward FISMA compliance: