Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Stephen Quinn (Fed)

Displaying 26 - 42 of 42

National Checklist Program for IT Products--Guidelines for Checklist Users and Developers

February 15, 2018

Author(s)

Stephen Quinn, Murugiah Souppaya, Melanie R. Cook, Karen A. Scarfone

A security configuration checklist is a document that contains instructions or procedures for configuring an information technology (IT) product to an operational environment, for verifying that the product has been configured properly, and/or for

SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3

February 14, 2018

Author(s)

Harold Booth, David A. Waltermire, Mark L. Badger, Melanie R. Cook, Stephen Quinn, Karen Scarfone

The Security Content Automation Protocol (SCAP) is a multi-purpose framework of component specifications that support automated configuration, vulnerability, and patch checking, security measurement, and technical control compliance activities. The SCAP

The Technical Specification for the Security Content Automation Protocol (SCAP) Version 1.3

February 14, 2018

Author(s)

David A. Waltermire, Stephen D. Quinn, Harold Booth, Karen Scarfone, Dragos Prisaca

The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication, along

National Checklist Program for IT Products: Guidelines for Checklist Users and Developers

December 8, 2016

Author(s)

Stephen D. Quinn, Murugiah P. Souppaya, Melanie R. Cook, Karen Scarfone

Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements

January 28, 2016

Author(s)

Melanie Cook, Stephen D. Quinn, David A. Waltermire, Dragos Prisaca

This report defines the requirements and associated test procedures necessary for products or modules to achieve one or more Security Content Automation Protocol (SCAP) validations. Validation is awarded based on a defined set of SCAP capabilities by

National Checklist Program for IT Products: Guidelines for Checklist Users and Developers

December 10, 2015

Author(s)

Stephen D. Quinn, Murugiah P. Souppaya, Melanie Cook, Karen Scarfone

[Superseded by SP 800-70 Rev. 3 (December 2015, updated 12/8/2016): https://www.nist.gov/node/1125056?pubid=922414 ] A security configuration checklist is a document that contains instructions or procedures for configuring an information technology (IT)

Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements

January 16, 2013

Author(s)

John F. Banghart, Melanie R. Cook, Stephen Quinn, David A. Waltermire, Andrew Bove

[Superseded by NISTIR 7511 Rev. 4 (January 2016): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=919713] This report defines the requirements and associated test procedures necessary for products to achieve one or more Security Content

Security Automation from a NIST Perspective

October 21, 2011

Author(s)

John F. Banghart, Stephen D. Quinn, Kevin M. Stine

Security automation can harmonize the vast amounts of information technology (IT) data into coherent, comparable information streams that inform timely and active management of diverse IT systems. Through the creation of internationally recognized

The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 [includes updates through 3-19-2012]

September 30, 2011

Author(s)

David A. Waltermire, Stephen D. Quinn, Adam M. Halbardier, Karen Scarfone

This document provides the definitive technical specification for version 1.2 of the Security Content Automation Protocol (SCAP). SCAP consists of a suite of specifications for standardizing the format and nomenclature by which information about software

National Checklist Program for IT Products Guidelines for Checklist Users and Developers

February 25, 2011

Author(s)

Stephen D. Quinn, Murugiah P. Souppaya, Melanie Cook, Karen Scarfone

Special Publication 800-70 Revision 2 - National Checklist Program for IT Products Guidelines for Checklist Users and Developers describes security configuration checklists and their benefits, and it explains how to use the NIST National Checklist Program

The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1

February 25, 2011

Author(s)

David A. Waltermire, Stephen D. Quinn, Karen Scarfone

This document provides the definitive technical specification for Version 1.1 of the Security Content Automation Protocol (SCAP). SCAP consists of a suite of specifications for standardizing the format and nomenclature by which security software

Guide to Adopting and Using the Security Content Automation Protocol (SCAP), Version 1.0

July 27, 2010

Author(s)

Stephen D. Quinn, Karen A. Scarfone, Matthew P. Barrett, Christopher S. Johnson

The purpose of this document is to provide an overview of the Security Content Automation Protocol (SCAP). This document discusses SCAP at a conceptual level, focusing on how organizations can use SCAP-enabled tools to enhance their security posture. It

The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.0

November 5, 2009

Author(s)

Stephen D. Quinn, David A. Waltermire, Christopher S. Johnson, Karen A. Scarfone, John F. Banghart

This document defines the technical specification for Version 1.0 of the Security Content Automation Protocol (SCAP). SCAP consists of a suite of specifications for standardizing the format and nomenclature by which security software communicates

National Checklist Program for IT Products Guidelines for Checklist Users and Developers

September 30, 2009

Author(s)

Stephen Quinn, Karen A. Scarfone, Murugiah Souppaya

[Superseded by SP 800-70 Rev. 2 (February 2011): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=907732] A security configuration checklist is a series of instructions for configuring a product to a particular operational environment

Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4

January 1, 2008

Author(s)

Neal Ziring, Stephen Quinn

This report specifies the data model and Extensible Markup Language (XML) representation for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4. An XCCDF document is a structured collection of security configuration rules for

Connecting the Dots

June 1, 2007

Author(s)

Stephen D. Quinn

Establishing traceability from high-level Federal Information Security Management Act (FISMA) requirements to specific mechanisms to secure hardware and software poses challenges for the government?s systems security managers. Effectively using security

Specification for the Extensible Configuration Checklist Description Format (XCCDF), Version 1.1.3

April 30, 2007

Author(s)

Neal Ziring, Stephen Quinn

The Cyber Security Research and Development Act of 2002 tasks the National Institute of Standards and Technology (NIST) to "develop, and revise as necessary, a checklist setting forth settings and option selections that minimize the security risks