This document discusses FISMA, FIPS, and NIST standards for information security compliance for US federal agencies and contractors. It provides an overview of key concepts: FISMA sets requirements for agency security programs and relies on NIST publications for guidance. FIPS are mandatory security standards for non-military agencies. NIST develops FIPS and additional guidelines. Systems must be inventoried, their risks assessed and categorized, and the minimum security controls from NIST SP 800-53 implemented. Ongoing monitoring is also required to maintain compliance. For organizations that want to work for the US government, the document advises meeting FIPS standards first and prioritizing security efforts based on risk.