Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by:

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 27

Assessing Enhanced Security Requirements for Controlled Unclassified Information

March 15, 2022
Author(s)
Ronald S. Ross, Victoria Yan Pillitteri, Kelley L. Dempsey
The protection of Controlled Unclassified Information (CUI) in nonfederal systems and organizations is important to federal agencies and can directly impact the ability of the Federal Government to successfully carry out its assigned missions and business

Managing the Security of Information Exchanges

July 20, 2021
Author(s)
Kelley L. Dempsey, Victoria Yan Pillitteri, Andrew Regenscheid
An organization often has mission and business-based needs to exchange (share) information with one or more other internal or external organizations via various information exchange channels. However, it is recognized that the information being exchanged

ISCMA: An Information Security Continuous Monitoring Program Assessment

March 31, 2021
Author(s)
Victoria Yan Pillitteri, Kelley L. Dempsey, Chad Baer, Ron Rudman, Robert Niemeyer, Susan Urban
This publication describes an example methodology for assessing an organization's Information Security Continuous Monitoring (ISCM) program. It was developed directly from NIST guidance and is applicable to any organization, public or private. It can be

Automation Support for Security Control Assessments: Software Vulnerability Management

April 28, 2020
Author(s)
Kelley L. Dempsey, Eduardo K. Takamura, Paul Eavy, George Moore
The NISTIR 8011 capability-specific volumes focus on the automation of security control assessment within each individual information security capability. The capability-specific volumes add tangible detail to the more general overview given in NISTIR 8011

Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

February 21, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri, Kelley L. Dempsey, Mark Riddle, Gary Guissanie
The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its essential

Guide for Security-Focused Configuration Management of Information Systems

October 11, 2019
Author(s)
Arnold Johnson, Kelley L. Dempsey, Ronald S. Ross, Sarbari Gupta, Dennis Bailey
[Includes updates as of October 10, 2019] Guide for Security-Focused Configuration Management of Information Systems provides guidelines for organizations responsible for managing and administering the security of federal information systems and associated

Automation Support for Security Control Assessments: Software Asset Management

December 6, 2018
Author(s)
Kelley L. Dempsey, Nedim S. Goren, Paul Eavy, George Moore
The NISTIR 8011 volumes focus on each individual information security capability, adding tangible detail to the more general overview given in NISTIR 8011 Volume 1, and providing a template for transition to a detailed, NIST standards-compliant automated

Assessing Security Requirements for Controlled Unclassified Information

June 13, 2018
Author(s)
Ronald S. Ross, Kelley L. Dempsey, Victoria Y. Pillitteri
The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its assigned

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations [including updates as of 02-20-2018]

February 20, 2018
Author(s)
Ronald S. Ross, Patrick Viscuso, Gary Guissanie, Kelley L. Dempsey, Mark Riddle
[Superseded by SP 800-171 Rev. 1 (December 2016, updated 06/07/2018): https://doi.org/10.6028/NIST.SP.800-171r1] The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations [including updates as of 11-28-2017]

November 28, 2017
Author(s)
Ronald S. Ross, Patrick Viscuso, Gary Guissanie, Kelley L. Dempsey, Mark Riddle
[Superseded by SP 800-171 Rev. 1 (December 2016, updated 02/20/2018): https://doi.org/10.6028/NIST.SP.800-171r1] The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount

An Introduction to Information Security

June 22, 2017
Author(s)
Michael Nieles, Kelley L. Dempsey, Victoria Y. Pillitteri
Organizations rely heavily on the use of information technology (IT) products and services to run their day-to-day activities. Ensuring the security of these products and services is of the utmost importance for the success of the organization. This

Automation Support for Security Control Assessments, Volume 1: Overview

June 6, 2017
Author(s)
Kelley L. Dempsey, Paul Eavy, George Moore
This volume introduces concepts to support automated assessment of most of the security controls in NIST Special Publication (SP) 800-53. Referencing SP 800-53A, the controls are divided into more granular parts (determination statements) to be assessed

Protection of Controlled Unclassified Information

October 19, 2015
Author(s)
Ronald S. Ross, Kelley L. Dempsey, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information presented in NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The publication the protection of Controlled Unclassified Information (CUI) while

Risk Management for Replication Devices

February 23, 2015
Author(s)
Kelley L. Dempsey, Celia Paulsen
This publication provides guidance on protecting the confidentiality, integrity, and availability of information processed, stored, or transmitted on replication devices (RDs). It suggests appropriate countermeasures in the context of the System