Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Kevin Stine (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 32

American Competitiveness Of a More Productive Emerging Tech Economy Act (The American COMPETE Act)

August 11, 2023
Commerce Secretary, Kevin A. Kimball, Matthew Hoehler, Anne Lane, Elham Tabassi, Connie LaSalle, Mark VanLandingham, James A. Warren, Naomi Lefkovitz, Nada T. Golmie, Chris Greer, Matthew Scholl, Dylan Yaga, Andrew C. Wilson, Kevin Stine, Karen Reczek, Institute for Defense Analyses Science and Technology Policy Institute (IDA STPI), Quantum Economic Development Consortium (QED-C), Federal Trade Commission (FTC)
Under DIVISION FF, Title XV, §1501 of the Consolidated Appropriations Act of 2021 (Public Law 116-260)—the "American Competitiveness Of a More Productive Emerging Tech Economy Act" (the "American COMPETE Act")—the United States Congress directed the

Improving Enterprise Patching for General IT Systems: Utilizing Existing Tools and Performing Processes in Better Ways

April 6, 2022
Murugiah Souppaya, Alper Kerman, Karen Scarfone, Kevin Stine, Brian E. Johnson, Chris Peloquin, Vanessa Ruffin, Tyler Diamond, Mark Simos, Sean Sweeney
Despite widespread recognition that patching is effective and attackers regularly exploit unpatched software, many organizations do not adequately patch. There are myriad reasons why, not the least of which are that it's resource-intensive and that the act

Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

November 12, 2021
Kevin Stine, Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, Larry Feldman, Robert Gardner
This document supplements NIST Interagency or Internal Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and

Integrating Cybersecurity and Enterprise Risk Management (ERM)

October 13, 2020
Kevin M. Stine, Stephen D. Quinn, Gregory A. Witte, Robert Gardner
The increasing frequency, creativity, and severity of cybersecurity attacks means that all enterprises should ensure that cybersecurity risk is receiving appropriate attention within their enterprise risk management (ERM) programs. This document is

Guidelines for Media Sanitization

December 17, 2014
Richard L. Kissel, Andrew R. Regenscheid, Matthew A. Scholl, Kevin M. Stine
Media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort. This guide will assist organizations and system owners in making practical sanitization decisions based on the categorization of

Framework for Improving Critical Infrastructure Cybersecurity

February 19, 2014
Kevin M. Stine, Kim Quill, Gregory A. Witte
Recognizing that the national and economic security of the United States depends on the resilience of critical infrastructure, President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed

Security Automation from a NIST Perspective

October 21, 2011
John F. Banghart, Stephen D. Quinn, Kevin M. Stine
Security automation can harmonize the vast amounts of information technology (IT) data into coherent, comparable information streams that inform timely and active management of diverse IT systems. Through the creation of internationally recognized

Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

September 30, 2011
Kelley L. Dempsey, L A. Johnson, Matthew A. Scholl, Kevin M. Stine, Alicia Clay Jones, Angela Orebaugh, Nirali S. Chawla, Ronald Johnston
The purpose of this guideline is to assist organizations in the development of a continuous monitoring strategy and the implementation of a continuous monitoring program providing visibility into organizational assets, awareness of threats and

Encryption Basics

May 2, 2011
Kevin M. Stine, Quynh H. Dang
Healthcare and health information technology professionals are entrusted with patient data which, because of its personal nature, requires protection to ensure its confidentiality. To provide this protection, these professionals frequently look to commonly

Security Architecture Design Process for Health Information Exchanges (HIEs)

September 30, 2010
Matthew A. Scholl, Kevin M. Stine, Kenneth Lin, Daniel Steinberg
The purpose of this publication is to provide a systematic approach to designing a technical security architecture for the exchange of health information that leverages common government and commercial practices and that demonstrates how these practices

E-mail Security: an Overview of Threats and Safeguards

April 1, 2010
Kevin M. Stine, Matthew A. Scholl
This publication discusses, at a high level, the ubiquitous threats facing email systems today and impresses the need to secure these systems. This article will provide high level tips and techniques for securing email systems and point to resources that