Publications

Displaying 1 - 8 of 8

Prioritizing Cybersecurity Risk for Enterprise Risk Management

February 26, 2025

Author(s)

Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, Robert Gardner

This document is the second in a series that supplements NIST Interagency Report (IR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional detail regarding the enterprise application of cybersecurity risk

Using Business Impact Analysis to Inform Risk Prioritization and Response

February 26, 2025

Author(s)

Stephen Quinn, Nahla Ivy, Julie Anne Chua, Matthew Barrett, Larry Feldman, Daniel Topper, Greg Witte, Robert Gardner

While business impact analysis (BIA) has historically been used to determine availability requirements for business continuity, the process can be extended to provide a broad understanding of the potential impacts of any type of loss on the enterprise

NIST Cybersecurity Framework 2.0: Enterprise Risk Management Quick-Start Guide

October 21, 2024

Author(s)

Stephen Quinn, Victoria Pillitteri, Matthew Barrett, Matthew Smith, Gregory Witte

This guide provides an introduction to using the NIST Cybersecurity Framework (CSF) 2.0 for planning and integrating an enterprise-wide process for integrating cybersecurity risk management information, as a subset of information and communications

NIST Cybersecurity Framework 2.0: Quick-Start Guide for Using the CSF Tiers

October 21, 2024

Author(s)

Stephen Quinn, Cherilyn Pascoe, Matthew Barrett, Karen Scarfone, Gregory Witte

This Quick-Start Guide describes how to apply the CSF 2.0 Tiers. CSF Tiers can be applied to CSF Organizational Profiles to characterize the rigor of an organization's cybersecurity risk governance and management outcomes. This can help provide context on

National Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers

February 26, 2024

Author(s)

Nicole Keller, Stephen Quinn, Matthew Barrett, Karen Scarfone, Matthew Smith, Vincent Johnson

The National Online Informative References (OLIR) Program is a NIST effort to facilitate subject matter experts in defining standardized Online Informative References (OLIRs), which are relationships between elements of documents from cybersecurity

National Cybersecurity Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers

November 20, 2020

Author(s)

Matthew P. Barrett, Nicole D. Keller, Stephen Quinn, Matthew Smith, Karen Scarfone

This Program is a NIST effort to facilitate subject matter experts in defining standardized Online Informative References (OLIRs), which are relationships between elements of their documents and elements of other documents like the NIST Cybersecurity

Cybersecurity Framework Online Informative References (OLIR) Submissions: Specification for Completing the OLIR Template

August 1, 2019

Author(s)

Matthew P. Barrett, Nicole D. Keller, Stephen Quinn, Matthew Smith

This document provides instructions and definitions for completing the Cybersecurity Framework (CSF) Online Informative References (OLIR) spreadsheet template available for download at https://www.nist.gov/cyberframework/informative-references. This

Cybersecurity Framework Online Informative References (OLIR) Submissions: Specification for Completing the OLIR Template [including updates as of 05-31-2019]

May 31, 2019

Author(s)

Matthew P. Barrett, Nicole D. Keller, Stephen Quinn, Matthew Smith

Search Publications by: Matthew Barrett (Assoc)