The National Institute of Standards and Technology's Karen Scarfone and Matthew P. Barrett received the 2009 Federal 100 Award. Presented by Federal Computer Week, the award honors the top professionals in the federal information technology community.
Scarfone, a project manager, was named for her prolific output of easy-to-understand technical security manuals that have helped numerous government organizations make their Web servers and mobile devices more secure. She has written or co-written 33 publications in the past two years, mainly covering incident response, host security and telework security. In 2008 there were 4 million Web page requests for her publications. Scarfone also used her technical expertise to help update the widely used Common Vulnerability Scoring System that measures vulnerabilities.
Barrett was acknowledged for leading the team that provides several computer security programs for federal agencies including the Security Content Automation Protocol (SCAP), the National Vulnerability Database, the National Checklist Programs and the SCAP Laboratory Accreditation program. As a representative to the Office of Management and Budget's working group for the Federal Desktop Core Configuration, he coordinated efforts by OMB, other agencies and Microsoft to develop a secure configuration for government PCs. Working with the Information Security Automation Program working group, Barrett worked with counterparts at the National Security Agency and the Defense Information Systems Agency to coordinate the interagency security automation agenda.
For details on the Common Vulnerability Scoring System, see NIST Interagency Report 7435, The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems available at http://csrc.nist.gov/publications/nistir/ir7435/NISTIR-7435.pdf. For the National Vulnerability Database, the Security Content Automation Protocol and the National Checklist Program, see http://nvd.nist.gov/.