Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Tim Grance (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 23 of 23

An Access Control Scheme for Big Data Processing

November 11, 2014
Author(s)
Chung Tong Hu, Timothy Grance, David F. Ferraiolo, David R. Kuhn
Access Control (AC) systems are among the most critical of network security components. A system's privacy and security controls are more likely to be compromised due to the misconfiguration of access control policies rather than the failure of

Computer Security Incident Handling Guide

August 6, 2012
Author(s)
Paul R. Cichonski, Thomas Millar, Timothy Grance, Karen Scarfone
Computer security incident response has become an important component of information technology (IT) programs. Security-related threats have become not only more numerous and diverse but also more damaging and disruptive. An incident response capability is

Cloud Computing Synopsis and Recommendations

May 29, 2012
Author(s)
Mark L. Badger, Timothy Grance, Robert Patt-Corner, Jeffrey M. Voas
This document reprises the NIST-established definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides guidelines and recommendations on how organizations

Guidelines on Security and Privacy in Public Cloud Computing

December 9, 2011
Author(s)
Timothy Grance, Wayne Jansen
Cloud computing can and does mean different things to different people. The common characteristics most interpretations share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from

The NIST Definition of Cloud Computing

September 28, 2011
Author(s)
Peter M. Mell, Timothy Grance
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with

Cyber Security Standards

June 15, 2009
Author(s)
Karen A. Scarfone, Daniel R. Benigni, Timothy Grance
The goal of cyber security standards is to improve the security of information technology (IT) systems, networks, and critical infrastructures. A cyber security standard defines both functional and assurance requirements within a product, system, process

A Framework for Measuring the Vulnerability of Hosts

June 30, 2008
Author(s)
Karen A. Scarfone, Timothy Grance
This paper proposes a framework for measuring the vulnerability of individual hosts based on current and historical operational data for vulnerabilities and attacks. Previous approaches have not been scalable because they relied on complex manually

Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities

September 21, 2006
Author(s)
Timothy Grance, Tamara Nolan, Kristin Burke, Rich Dudley, Gregory White, Travis Good
The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. This publication seeks to assist

Guide to Integrating Forensic Techniques into Incident Response

September 1, 2006
Author(s)
Timothy Grance, Suzanne Chevalier, Karen A. Scarfone, Hung Dang
This publication is intended to help organizations in investigating computer security incidents and troubleshooting some information technology (IT) operational problems by providing practical guidance on performing computer and network forensics. The

Personal Identity Verification (PIV) of Federal Employees and Contractors

February 1, 2005
Author(s)
William C. Barker, James F. Dray Jr., Ramaswamy Chandramouli, Teresa T. Schwarzhoff, William T. Polk, Donna F. Dodson, Ketan L. Mehta, S Gupta, William E. Burr, Timothy Grance
[Superseded by FIPS 201-1 (March 2006): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=50836] FIPS 201 specifies the technical and operational requirements for interoperable PIV systems that issue smart cards as identification credentials and

Card Technology Developments and Gap Analysis Interagency Report

March 1, 2004
Author(s)
William C. Barker, Deborah Howard, Timothy Grance, Levent Eyuboglu
This Card Technology Developments and Gap Analysis Interagency Report (IR) provides information regarding current technical capabilities and limitations of storage and processor cards, current user requirements for individual and integrated technologies

Guide to Information Technology Security Services

October 13, 2003
Author(s)
Timothy Grance, Joan Hash, Marc Stevens, K O'Neal, N Bartol
Organizations frequently must evaluate and select a variety of information technology (IT) security services in order to maintain and improve their overall IT security program and enterprise architecture. IT security services, which range from security

Guide to Information Technology Security Services

October 9, 2003
Author(s)
Timothy Grance, Joan Hash, Marc Stevens, Kristofor O'Neal, Nadya Bartol
Organizations frequently must evaluate and select a variety of information technology (IT) security services in order to maintain and improve their overall IT security program and enterprise architecture. IT security services, which range from security

Guide to Selecting Information Technology Security Products

October 9, 2003
Author(s)
Timothy Grance, Marc Stevens, Marissa Myers
The selection of IT security products is an integral part of the design, development and maintenance of an IT security infrastructure that ensures confidentiality, integrity, and availability of mission critical information. The guide seeks to assist in

Security Guide for Interconnecting Information Technology Systems

September 1, 2002
Author(s)
Timothy Grance, Joan Hash, Steven Peck, Jonathan Smith, Karen Korow-Diks
The Security Guide for Interconnecting Information Technology Systems provides guidance for planning, establishing, maintaining, & terminating interconnections between information technology (IT) systems that are owned & operated by different organizations