Publications

Displaying 51 - 75 of 101

Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide

August 6, 2021

Author(s)

Amy Mahn, Daniel Topper, Stephen Quinn, Jeffrey Marron

This document intends to provide direction and guidance to those organizations – in any sector or community – seeking to improve cybersecurity risk management via utilization of the NIST Framework for Improving Critical Infrastructure Cybersecurity

National Cybersecurity Online Informative References (OLIR) Program: Program Overview and OLIR Uses

November 20, 2020

Author(s)

Nicole D. Keller, Stephen Quinn, Karen Scarfone, Matthew Smith, Vincent Johnson

This Program is a NIST effort to facilitate subject matter experts in defining standardized Online Informative References (OLIRs), which are relationships between elements of their documents and elements of other documents like the NIST Cybersecurity

National Cybersecurity Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers

November 20, 2020

Author(s)

Matthew P. Barrett, Nicole D. Keller, Stephen Quinn, Matthew Smith, Karen Scarfone

Integrating Cybersecurity and Enterprise Risk Management (ERM)

October 13, 2020

Author(s)

Kevin M. Stine, Stephen D. Quinn, Gregory A. Witte, Robert Gardner

The increasing frequency, creativity, and severity of cybersecurity attacks means that all enterprises should ensure that cybersecurity risk is receiving appropriate attention within their enterprise risk management (ERM) programs. This document is

Approaches for Federal Agencies to Use the Cybersecurity Framework

March 19, 2020

Author(s)

Jeffrey A. Marron, Victoria Y. Pillitteri, Jon M. Boyens, Stephen D. Quinn, Gregory A. Witte, Larry Feldman

Cybersecurity Framework Online Informative References (OLIR) Submissions: Specification for Completing the OLIR Template

August 1, 2019

Author(s)

Matthew P. Barrett, Nicole D. Keller, Stephen Quinn, Matthew Smith

This document provides instructions and definitions for completing the Cybersecurity Framework (CSF) Online Informative References (OLIR) spreadsheet template available for download at https://www.nist.gov/cyberframework/informative-references. This

Cybersecurity Framework Online Informative References (OLIR) Submissions: Specification for Completing the OLIR Template [including updates as of 05-31-2019]

May 31, 2019

Author(s)

Matthew P. Barrett, Nicole D. Keller, Stephen Quinn, Matthew Smith

Cybersecurity Framework Online Informative References (OLIR) Submissions Specification for Completing the OLIR Template

April 26, 2019

Author(s)

Matthew P. Barrett, Nicole D. Keller, Stephen D. Quinn, Matthew C. Smith

[Superseded by NISTIR 8204 (May 2019): https://doi.org/10.6028/NIST.IR.8204] This document provides instructions and definitions for completing the Cybersecurity Framework (CSF) Online Informative References (OLIR) spreadsheet template available for

Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements

April 20, 2018

Author(s)

Melanie Cook, Dragos Prisaca, Stephen D. Quinn, David A. Waltermire

This report defines the requirements and associated test procedures necessary for products or modules to achieve one or more Security Content Automation Protocol (SCAP) validations. Validation is awarded based on a defined set of SCAP capabilities by

National Checklist Program for IT Products--Guidelines for Checklist Users and Developers

February 15, 2018

Author(s)

Stephen Quinn, Murugiah Souppaya, Melanie R. Cook, Karen A. Scarfone

A security configuration checklist is a document that contains instructions or procedures for configuring an information technology (IT) product to an operational environment, for verifying that the product has been configured properly, and/or for

SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3

February 14, 2018

Author(s)

Harold Booth, David A. Waltermire, Mark L. Badger, Melanie R. Cook, Stephen Quinn, Karen Scarfone

The Security Content Automation Protocol (SCAP) is a multi-purpose framework of component specifications that support automated configuration, vulnerability, and patch checking, security measurement, and technical control compliance activities. The SCAP

The Technical Specification for the Security Content Automation Protocol (SCAP) Version 1.3

February 14, 2018

Author(s)

David A. Waltermire, Stephen D. Quinn, Harold Booth, Karen Scarfone, Dragos Prisaca

The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication, along

National Checklist Program for IT Products: Guidelines for Checklist Users and Developers

December 8, 2016

Author(s)

Stephen D. Quinn, Murugiah P. Souppaya, Melanie R. Cook, Karen Scarfone

Search Publications by: Stephen Quinn (Fed)