Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by:

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 130

Implementing a Zero Trust Architecture: High-Level Document

June 10, 2025
Author(s)
Alper Kerman, Oliver Borchert, Gema Howell, Scott Rose, Murugiah Souppaya, Jason Ajmo, Yemi Fashina, Parisa Grayeli, Joseph Hunt, Jason Hurlburt, Nedu Irrechukwu, Joshua Klosterman, Oksana Slivina, Susan Symington, Allen Tan, Karen Scarfone, William Barker, Peter Gallagher, Aaron Palermo, Madhu Balaji, Adam Cerini, Rajarshi Das, Jacob Barosin, Kyle Black, Scott Gordon, Jerry Haskins, Keith Luck, Dale McKay, Sunjeet Randhawa, Brian Butler, Mike Delaguardia, Matthew Hyatt, Randy Martin, Peter Romness, Corey Bonnell, Dean Coclin, Ryan Johnson, Dung Lam, Darwin Tolbert, Tim Jones, Tom May, Christopher Altman, Alex Bauer, Marco Genovese, Andrew Campagna, John Dombroski, Adam Frank, Nalini Kannan, Priti Patil, Harmeet Singh, Mike Spisak, Krishna Yellepeddy, Nicholas Herrmann, Corey Lund, Farhan Saifudin, Madhu Dodda, Tim LeMaster, Ken Durbin, James Elliott, Earl Matthews, David Pricer, Joey Cruz, Tarek Dawoud, Carmichael Patton, Alex Pavlovsky, Brandon Stephenson, Clay Taylor, Bob Lyons, Vinu Panicker, Peter Bjork, Hans Drolshagen, Imran Bashir, Ali Haider, Nishit Kothari, Sean Morgan, Seetal Patel, Norman Wong, Zack Austin, Shawn Higgins, Rob Woodworth, Mitchell Lewars, Bryan Rosensteel, Don Coltrain, Wade Ellery, Deborah McGinn, Frank Briguglio, Ryan Tighe, Chris Jensen, Joshua Moll, Jason White, Joe Brown, Gary Bradt, Jeffrey Adorno, Syed Ali, Bob Smith
A zero trust architecture (ZTA) enables secure authorized access to enterprise resources that are distributed across on-premises and multiple cloud environments, while enabling a hybrid workforce and partners to access resources from anywhere, at any time

Workshop on Enhancing Security of Devices and Components Across the Supply Chain

February 18, 2025
Author(s)
Sanjay Rekhi, David Kuhn, Kim Schaffer, Murugiah Souppaya, Noah Waller, Nelson Hastings, Michael Ogata, William Barker
NIST hosted an in-person, all-day workshop on February 27, 2024, to discuss existing and emerging cybersecurity threats and mitigation techniques for semiconductors throughout their life cycle. The workshop obtained valuable feedback from industry

Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)

July 20, 2023
Author(s)
Mark Trapnell, Eric Trapnell, Murugiah Souppaya, Bob Gendler, Dan Brodjieski, Allen Golbig, Karen Scarfone, Blair Heiserman
The macOS Security Compliance Project (mSCP) provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system

Guidelines for Managing the Security of Mobile Devices in the Enterprise

May 17, 2023
Author(s)
Murugiah Souppaya, Gema Howell, Karen Scarfone, Joshua Franklin, Vincent Sritapan
Mobile devices were initially personal consumer communication devices, but they are now permanent fixtures in enterprises and are used to access modern networks and systems to process sensitive data. This publication assists organizations in managing and

Supply Chain Assurance: Validating the Integrity of Computing Devices

December 9, 2022
Author(s)
Nakia R. Grayson, Murugiah Souppaya, Andrew Regenscheid, Tim Polk, Christopher Brown, Karen Scarfone, Chelsea Deane
Product integrity and the ability to distinguish trustworthy products is a critical foundation of C-SCRM. Authoritative information regarding the provenance and integrity of components provides a strong basis for trust in a computing device whether it is a

Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases

May 4, 2022
Author(s)
Murugiah Souppaya, Michael Bartock, Karen Scarfone, Ryan Savino, Tim Knoll, Uttam Shetty, Mourad Cherfaoui, Raghu Yeluri, Don Banks, Akash Malhotra, Michael Jordan, Dimitrios Pendarakis, Peter Romness
In today's cloud data centers and edge computing, attack surfaces have shifted and, in some cases, significantly increased. At the same time, hacking has become industrialized, and most security control implementations are not coherent or consistent. The

Hardware-Enabled Security: Policy-Based Governance in Trusted Container Platforms

April 20, 2022
Author(s)
Michael Bartock, Murugiah Souppaya, Haidong Xia, Raghu Yeluri, Uttam Shetty, Brandon Lum, Mariusz Sabath, Harmeet Singh, Alaa Youssef, Gosia Steinder, Yu Cao, Jayashree Ramanathan
In today's cloud data centers and edge computing, attack surfaces have significantly increased, cyber attacks are industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing

Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments

April 20, 2022
Author(s)
Murugiah Souppaya, Michael Bartock, Karen Scarfone, Donna Dodson, Daniel Carroll, Gina Scinta, Hemma Prafullchandra, Harmeet Singh, Raghuram Yeluri, Tim Shea, Carlos Phoenix, Robert Masten, Paul Massis, Jason Malnar, Michael Dalton, Anthony Dukes, Brenda Swarts, Rajeev Ghandi, Laura Storey, Rocky Weber, Jeff Haskins
A cloud workload is an abstraction of the actual instance of a functional application that is virtualized or containerized to include compute, storage, and network resources. Organizations need to be able to monitor, track, apply, and enforce their
Was this page helpful?