U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Stephen Quinn (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 56

NIST Cybersecurity Framework 2.0: Resource & Overview Guide (French translation)

November 25, 2024
Author(s)
Kristina Rigopoulos, Stephen Quinn, Cherilyn Pascoe, Jeffrey Marron, Amy Mahn, Daniel Topper
The NIST Cybersecurity Framework (CSF) 2.0 can help organizations manage and reduce their cybersecurity risks as they start or improve their cybersecurity program. The CSF outlines specific outcomes that organizations can achieve to address risk. Other

NIST Cybersecurity Framework 2.0: Resource & Overview Guide (Portuguese translation)

November 25, 2024
Author(s)
Kristina Rigopoulos, Stephen Quinn, Cherilyn Pascoe, Jeffrey Marron, Amy Mahn, Daniel Topper
The NIST Cybersecurity Framework (CSF) 2.0 can help organizations manage and reduce their cybersecurity risks as they start or improve their cybersecurity program. The CSF outlines specific outcomes that organizations can achieve to address risk. Other

NIST Cybersecurity Framework 2.0: Resource & Overview Guide (Spanish translation)

November 25, 2024
Author(s)
Kristina Rigopoulos, Stephen Quinn, Cherilyn Pascoe, Jeffrey Marron, Amy Mahn, Daniel Topper
The NIST Cybersecurity Framework (CSF) 2.0 can help organizations manage and reduce their cybersecurity risks as they start or improve their cybersecurity program. The CSF outlines specific outcomes that organizations can achieve to address risk. Other

The NIST Cybersecurity Framework (CSF) 2.0 (French translation)

November 22, 2024
Author(s)
Cherilyn Pascoe, Stephen Quinn, Karen Scarfone
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization —

The NIST Cybersecurity Framework (CSF) 2.0 (German translation)

November 22, 2024
Author(s)
Cherilyn Pascoe, Stephen Quinn, Karen Scarfone
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization —

The NIST Cybersecurity Framework (CSF) 2.0 (Polish translation)

November 12, 2024
Author(s)
Cherilyn Pascoe, Stephen Quinn, Karen Scarfone
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization —

NIST Cybersecurity Framework 2.0: Enterprise Risk Management Quick-Start Guide

October 21, 2024
Author(s)
Stephen Quinn, Victoria Pillitteri, Matthew Barrett, Matthew Smith, Gregory Witte
This guide provides an introduction to using the NIST Cybersecurity Framework (CSF) 2.0 for planning and integrating an enterprise-wide process for integrating cybersecurity risk management information, as a subset of information and communications

NIST Cybersecurity Framework 2.0: Quick-Start Guide for Using the CSF Tiers

October 21, 2024
Author(s)
Stephen Quinn, Cherilyn Pascoe, Matthew Barrett, Karen Scarfone, Gregory Witte
This Quick-Start Guide describes how to apply the CSF 2.0 Tiers. CSF Tiers can be applied to CSF Organizational Profiles to characterize the rigor of an organization's cybersecurity risk governance and management outcomes. This can help provide context on

Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

March 6, 2024
Author(s)
Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, R.K. Gardner
This document is the third in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional details regarding the enterprise application of

National Online Informative References (OLIR) Program: Overview, Benefits, and Use

February 26, 2024
Author(s)
Nicole Keller, Stephen Quinn, Karen Scarfone, Matthew Smith, Vincent Johnson
Information and communications technology (ICT) domains – such as cybersecurity, privacy, and Internet of Things (IoT) – have many requirements and recommendations made by national and international standards, guidelines, frameworks, and regulations. An

NIST Cybersecurity Framework 2.0: Resource & Overview Guide

February 26, 2024
Author(s)
Kristina Rigopoulos, Stephen Quinn, Cherilyn Pascoe, Jeffrey Marron, Amy Mahn, Daniel Topper
The NIST Cybersecurity Framework (CSF) 2.0 can help organizations manage and reduce their cybersecurity risks as they start or improve their cybersecurity program. The CSF outlines specific outcomes that organizations can achieve to address risk. Other

The NIST Cybersecurity Framework (CSF) 2.0

February 26, 2024
Author(s)
Cherilyn Pascoe, Stephen Quinn, Karen Scarfone
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization —

Enterprise Impact of Information & Communications Technology Risk

November 17, 2023
Author(s)
Stephen Quinn, Nahla Ivy, Matthew Barrett, Larry Feldman, Daniel Topper, Greg Witte, Karen Scarfone, Robert Gardner, Julie Chua
All enterprises should ensure that information and communications technology (ICT) risk receives appropriate attention within their enterprise risk management (ERM) programs. This document is intended to help individual organizations within an enterprise

Information and Communications Technology (ICT) Risk Outcomes

November 17, 2023
Author(s)
Stephen Quinn, Nahla Ivy, Karen Scarfone, Matthew Barrett, Larry Feldman, Daniel Topper, Greg Witte, Robert Gardner, Julie Chua
The increasing frequency, creativity, and severity of technology attacks means that all enterprises should ensure that information and communications technology (ICT) risk is receiving appropriate attention within their enterprise risk management (ERM)

Using Business Impact Analysis to Inform Risk Prioritization and Response

November 17, 2022
Author(s)
Stephen Quinn, Nahla Ivy, Julie Chua, Matthew Barrett, Greg Witte, Larry Feldman, Daniel Topper, Robert Gardner
While business impact analysis (BIA) has historically been used to determine availability requirements for business continuity, the process can be extended to provide a broad understanding of the potential impacts of any type of loss on the enterprise

Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

September 14, 2022
Author(s)
Stephen Quinn, Nahla Ivy, Greg Witte, Matthew Barrett, Robert Gardner
This document is the third in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional details regarding the enterprise application of