Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Stephen Quinn (Fed)

Mr. Stephen Quinn joined the National Institute of Standards and Technology (NIST) in 2004 and serves as a senior computer scientist in the Information Technology Laboratory (ITL). Mr. Quinn is the program manager of the National Checklist Program and the National Online Informative Reference Program and is the lead author for integrating NIST risk management project work within the paradigm of Enterprise Risk Management (ERM). He is also a co-originator of the Security Content Automation Protocol (SCAP).

Stephen was named to the “Federal 100” by the trade publication Federal Computer Week (FCW) and received the Department of Commence Gold Medal Award for his work in automating security protocols for applications. He also received the Federal CIO Council Leadership award for related work.

Prior to joining NIST, Steve worked as a consultant to the Department of Defense and large commercial outsourcings with Wall Street banking firms and insurance companies. Specifically, he comes from an operational background, having owned two companies that provided service offering for vulnerability assessments, designing security architectures, code development, cybersecurity risk management, certifications and accreditations, and ST&Es. His research experience and practitioner experience includes managing and remediating risks specific to computer viruses/malware, intrusion detection systems (IDSs), vulnerability/misconfiguration identification, categorization, and remediation.

Mr. Quinn received his bachelor’s degree in computer science from the University of Maryland in Baltimore County (UMBC) in 1995. In 2008, he earned a Master of Science (M.S.) in Information Technology with a concentration in project management from the Capella University. Mr. Quinn is an ISC2 Certified Information Systems Security Professional (CISSP) and PMI certified Project Management Professional (PMP). Mr. Quinn is also a FAI certified FAC-PPM and FAC-COR.

Selected Publications


The NIST Cybersecurity Framework (CSF) 2.0

Cherilyn Pascoe, Stephen Quinn, Karen Scarfone
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers

NIST Cybersecurity Framework 2.0: Resource & Overview Guide

Kristina Rigopoulos, Stephen Quinn, Cherilyn Pascoe, Jeffrey Marron, Amy Mahn, Daniel Topper
The NIST Cybersecurity Framework (CSF) 2.0 can help organizations manage and reduce their cybersecurity risks as they start or improve their cybersecurity
Created October 9, 2019, Updated December 8, 2022