Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Publications

Search Publications by

Murugiah Souppaya (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 26 - 46 of 46

Guide to Enterprise Patch Management Technologies

July 22, 2013
Author(s)
Murugiah P. Souppaya, Karen Scarfone
Patch management is the process for identifying, acquiring, installing, and verifying patches for products and systems. Patches correct security and functionality problems in software and firmware. There are several challenges that complicate patch

Guide to Malware Incident Prevention and Handling for Desktops and Laptops

July 22, 2013
Author(s)
Murugiah P. Souppaya, Karen Scarfone
Malware, also known as malicious code, refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the

Guidelines for Managing the Security of Mobile Devices in the Enterprise

June 21, 2013
Author(s)
Murugiah P. Souppaya, Karen Scarfone
Mobile devices, such as smart phones and tablets, typically need to support multiple security objectives: confidentiality, integrity, and availability. To achieve these objectives, mobile devices should be secured against a variety of threats. The purpose

Guidelines for Securing Wireless Local Area Networks (WLANs)

February 21, 2012
Author(s)
Murugiah P. Souppaya, Karen Scarfone
A wireless local area network (WLAN) is a group of wireless networking devices within a limited geographic area, such as an office building, that exchange data through radio communications. The security of each WLAN is heavily dependent on how well each

BIOS Protection Guidelines

April 29, 2011
Author(s)
David Cooper, William Polk, Andrew Regenscheid, Murugiah Souppaya
This document provides guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of

National Checklist Program for IT Products Guidelines for Checklist Users and Developers

February 25, 2011
Author(s)
Stephen D. Quinn, Murugiah P. Souppaya, Melanie Cook, Karen Scarfone
Special Publication 800-70 Revision 2 - National Checklist Program for IT Products Guidelines for Checklist Users and Developers describes security configuration checklists and their benefits, and it explains how to use the NIST National Checklist Program

Guide to Security for Full Virtualization Technologies

January 28, 2011
Author(s)
Murugiah P. Souppaya, Karen Scarfone, Paul Hoffman
The purpose of SP 800-125 is to discuss the security concerns associated with full virtualization technologies for server and desktop virtualization, and to provide recommendations for addressing these concerns. Full virtualization technologies run one or

Cyber Security Metrics and Measures

March 2, 2009
Author(s)
Paul E. Black, Karen A. Scarfone, Murugiah P. Souppaya
Metrics are tools to facilitate decision making and improve performance and accountability. Measures are quantifiable, observable, and objective data supporting metrics. Operators can use metrics to apply corrective actions and improve performance

Technical Guide to Information Security Testing and Assessment

September 30, 2008
Author(s)
Murugiah P. Souppaya, Karen A. Scarfone
The purpose of this document is to assist organizations in planning and conducting technical information security tests and examinations, analyzing findings, and developing mitigation strategies. The guide provides practical recommendations for designing

Guide to Storage Encryption Technologies for End User Devices

November 15, 2007
Author(s)
Karen A. Scarfone, Murugiah P. Souppaya, Matt Sexton
Many threats against end user devices, such as desktop and laptop computers, smart phones, personal digital assistants, and removable media, could cause information stored on the devices to be accessed by unauthorized parties. To prevent such disclosures

Guide to Computer Security Log Management

September 13, 2006
Author(s)
Karen A. Scarfone, Murugiah Souppaya
The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information security Management Act (FISMA) of 2002, Public Law 107-347. This publication seeks to assist

Systems Administration Guidance for Securing Microsoft Windows 2000 Professional System

November 1, 2002
Author(s)
Murugiah P. Souppaya, Anthony B. Harris, Mark McLarnon, Nikolaos Selimis
The document is intended to assist the users and system administrators of Windows 2000 Professional systems in configuring their hosts by providing configuration templates and security checklists. The guide provides detailed information about the security

SMPTE Declarative Data Essence: Comparison to ATSC DASE

May 1, 2001
Author(s)
John Barkley, M A. Dolan, M Koo, Andrew McCaffrey, Leonard E. Gebase, Murugiah P. Souppaya
The Declarative Data Essence (DDE) Ad-hoc Group of the D27 Technical Committee of the Society for Motion Picture and Television Engineers [SMPTE] is developing ITV standards that provide basic functionality for ITV and represent current practice, known