Publications

Displaying 26 - 50 of 61

Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

November 12, 2021

Author(s)

Kevin Stine, Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, Larry Feldman, Robert Gardner

This document supplements NIST Interagency or Internal Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and

Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (Portuguese translation)

September 8, 2021

Author(s)

Kevin Stine, Matthew Barrett

Translated courtesy of the US Chamber of Commerce and the Brazil-US Business Council. Not an official U.S. Government translation.

Integrating Cybersecurity and Enterprise Risk Management (ERM)

October 13, 2020

Author(s)

Kevin M. Stine, Stephen D. Quinn, Gregory A. Witte, Robert Gardner

The increasing frequency, creativity, and severity of cybersecurity attacks means that all enterprises should ensure that cybersecurity risk is receiving appropriate attention within their enterprise risk management (ERM) programs. This document is

Guidelines for Media Sanitization

December 17, 2014

Author(s)

Richard L. Kissel, Andrew R. Regenscheid, Matthew A. Scholl, Kevin M. Stine

Media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort. This guide will assist organizations and system owners in making practical sanitization decisions based on the categorization of

Supplemental Guidance on Ongoing Authorization: Transitioning to Near Real-Time Risk Management

June 3, 2014

Author(s)

Kelley L. Dempsey, Ronald S. Ross, Kevin M. Stine

Office of Management and Budget (OMB) Memorandum M-14-03, Enhancing the Security of Federal Information and Information Systems, reminds Federal agencies that, "Our nation's security and economic prosperity depend on ensuring the confidentiality, integrity

Framework for Improving Critical Infrastructure Cybersecurity

February 19, 2014

Author(s)

Kevin M. Stine, Kim Quill, Gregory A. Witte

Recognizing that the national and economic security of the United States depends on the resilience of critical infrastructure, President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed

Security Automation from a NIST Perspective

October 21, 2011

Author(s)

John F. Banghart, Stephen D. Quinn, Kevin M. Stine

Security automation can harmonize the vast amounts of information technology (IT) data into coherent, comparable information streams that inform timely and active management of diverse IT systems. Through the creation of internationally recognized

Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

September 30, 2011

Author(s)

Kelley L. Dempsey, L A. Johnson, Matthew A. Scholl, Kevin M. Stine, Alicia Clay Jones, Angela Orebaugh, Nirali S. Chawla, Ronald Johnston

The purpose of this guideline is to assist organizations in the development of a continuous monitoring strategy and the implementation of a continuous monitoring program providing visibility into organizational assets, awareness of threats and

Encryption Basics

May 2, 2011

Author(s)

Kevin M. Stine, Quynh H. Dang

Healthcare and health information technology professionals are entrusted with patient data which, because of its personal nature, requires protection to ensure its confidentiality. To provide this protection, these professionals frequently look to commonly

Security Architecture Design Process for Health Information Exchanges (HIEs)

September 30, 2010

Author(s)

Matthew A. Scholl, Kevin M. Stine, Kenneth Lin, Daniel Steinberg

The purpose of this publication is to provide a systematic approach to designing a technical security architecture for the exchange of health information that leverages common government and commercial practices and that demonstrates how these practices

E-mail Security: an Overview of Threats and Safeguards

April 1, 2010

Author(s)

Kevin M. Stine, Matthew A. Scholl

This publication discusses, at a high level, the ubiquitous threats facing email systems today and impresses the need to secure these systems. This article will provide high level tips and techniques for securing email systems and point to resources that

Information Security Training Requirements: A Role- and performance-Based Model (Draft)

March 2, 2009

Author(s)

Mark Wilson, Kevin M. Stine, Pauline Bowen

This document and NIST Special Publication 800-50, Building an Information Technology Security Awareness and Training Program describe the following key approaches of an information security awareness and training program that federal departments and

An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule

October 22, 2008

Author(s)

Matthew A. Scholl, Kevin Stine, Joan Hash, Pauline Bowen, L A. Johnson, Carla Dancy Smith, Daniel Steinberg

Special Publication 800-66 Rev. 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, which discusses security considerations and resources that may provide value when implementing

Search Publications by: Kevin Stine (Fed)