Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Connecting the Dots



Stephen D. Quinn


Establishing traceability from high-level Federal Information Security Management Act (FISMA) requirements to specific mechanisms to secure hardware and software poses challenges for the government?s systems security managers. Effectively using security controls hinges on ensuring that an agency?s technology staff can properly establish and enforce their systems? security configuration settings. To make the important linkage from law and policy to the mandatory security requirements and controls described in Federal Information Processing Standard 200 and NIST Special Publication 800-53, NIST established the Information Security Automation Program (ISAP). This article describes ISAP and one of its elements, the Security Content Automation Protocol (SCAP).
FedTech Magazine


checklist, FISMA, security controls


Quinn, S. (2007), Connecting the Dots, FedTech Magazine, [online], (Accessed April 21, 2024)
Created June 1, 2007, Updated February 17, 2017