U.S. Department of Health and Human Services
FISMA made NIST responsible for developing standards, guidelines, including minimum requirements for information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency (other than national security systems).
NIST communicates standards in two types of documents: Federal Information Processing Standards (FIPS) and Special Publications (SP). These standards and guidelines are issued for use government-wide. Some standards are compulsory, some are voluntary.
Page 5 of 8
Information Security and the EPLC NIST