Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Two NIST Computer Security Professionals Named to 2009 Federal 100 List

The National Institute of Standards and Technology's Karen Scarfone and Matthew P. Barrett received the 2009 Federal 100 Award. Presented by Federal Computer Week, the award honors the top professionals in the federal information technology community.


headshot of Karen Scarfone
Karen Scarfone
Credit: NIST

Scarfone, a project manager, was named for her prolific output of easy-to-understand technical security manuals that have helped numerous government organizations make their Web servers and mobile devices more secure. She has written or co-written 33 publications in the past two years, mainly covering incident response, host security and telework security. In 2008 there were 4 million Web page requests for her publications. Scarfone also used her technical expertise to help update the widely used Common Vulnerability Scoring System that measures vulnerabilities.


headshot of Matthew Barrett
Matthew Barrett
Credit: NIST

Barrett was acknowledged for leading the team that provides several computer security programs for federal agencies including the Security Content Automation Protocol (SCAP), the National Vulnerability Database, the National Checklist Programs and the SCAP Laboratory Accreditation program. As a representative to the Office of Management and Budget's working group for the Federal Desktop Core Configuration, he coordinated efforts by OMB, other agencies and Microsoft to develop a secure configuration for government PCs. Working with the Information Security Automation Program working group, Barrett worked with counterparts at the National Security Agency and the Defense Information Systems Agency to coordinate the interagency security automation agenda.

For details on the Common Vulnerability Scoring System, see NIST Interagency Report 7435, The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems available at For the National Vulnerability Database, the Security Content Automation Protocol and the National Checklist Program, see

Released April 21, 2009, Updated January 13, 2023