U.S. Department of Health and Human Services
FIPS are developed when there are no existing voluntary standards to address Federal requirements for the interoperability of different systems, for the portability of data and software, and for computer security. FISMA eliminates the waiver process for FIPS.
The newest publications, FIPS 199 and 200, are applicable for HHS and are an integral part of information security. Not all FIPS are mandatory. You must read the “Applicability” section of each standard to determine if it applies.
Page 7 of 8
Information Security and the EPLC FIPS