U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Karen Scarfone (Ctr)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 67

National Online Informative References (OLIR) Program: Overview, Benefits, and Use

February 26, 2024
Author(s)
Nicole Keller, Stephen Quinn, Karen Scarfone, Matthew Smith, Vincent Johnson
Information and communications technology (ICT) domains – such as cybersecurity, privacy, and Internet of Things (IoT) – have many requirements and recommendations made by national and international standards, guidelines, frameworks, and regulations. An

The NIST Cybersecurity Framework (CSF) 2.0

February 26, 2024
Author(s)
Cherilyn Pascoe, Stephen Quinn, Karen Scarfone
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization —

Guidelines for Managing the Security of Mobile Devices in the Enterprise

May 17, 2023
Author(s)
Murugiah Souppaya, Gema Howell, Karen Scarfone, Joshua Franklin, Vincent Sritapan
Mobile devices were initially personal consumer communication devices, but they are now permanent fixtures in enterprises and are used to access modern networks and systems to process sensitive data. This publication assists organizations in managing and

Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases

May 4, 2022
Author(s)
Murugiah Souppaya, Michael Bartock, Karen Scarfone, Ryan Savino, Tim Knoll, Uttam Shetty, Mourad Cherfaoui, Raghu Yeluri, Don Banks, Akash Malhotra, Michael Jordan, Dimitrios Pendarakis, Peter Romness
In today's cloud data centers and edge computing, attack surfaces have shifted and, in some cases, significantly increased. At the same time, hacking has become industrialized, and most security control implementations are not coherent or consistent. The

Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments

April 20, 2022
Author(s)
Murugiah Souppaya, Michael Bartock, Karen Scarfone, Donna Dodson, Daniel Carroll, Gina Scinta, Hemma Prafullchandra, Harmeet Singh, Raghuram Yeluri, Tim Shea, Carlos Phoenix, Robert Masten, Paul Massis, Jason Malnar, Michael Dalton, Anthony Dukes, Brenda Swarts, Rajeev Ghandi, Laura Storey, Rocky Weber, Jeff Haskins
A cloud workload is an abstraction of the actual instance of a functional application that is virtualized or containerized to include compute, storage, and network resources. Organizations need to be able to monitor, track, apply, and enforce their

Improving Enterprise Patching for General IT Systems: Utilizing Existing Tools and Performing Processes in Better Ways

April 6, 2022
Author(s)
Murugiah Souppaya, Alper Kerman, Karen Scarfone, Kevin Stine, Brian E. Johnson, Chris Peloquin, Vanessa Ruffin, Tyler Diamond, Mark Simos, Sean Sweeney
Despite widespread recognition that patching is effective and attackers regularly exploit unpatched software, many organizations do not adequately patch. There are myriad reasons why, not the least of which are that it's resource-intensive and that the act

Ransomware Risk Management: A Cybersecurity Framework Profile

February 23, 2022
Author(s)
Bill Fisher, Murugiah Souppaya, William Barker, Karen Scarfone
Ransomware is a type of malicious attack where attackers encrypt an organization's data and demand payment to restore access. In some instances, attackers may also steal an organization's information and demand an additional payment in return for not

Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks

June 25, 2019
Author(s)
Katie Boeckl, Michael Fagan, Bill Fisher, Naomi Lefkovitz, Katerina N. Megas, Ellen M. Nadeau, Benjamin M. Piccarreta, Danna G. O'Rourke, Karen A. Scarfone
The Internet of Things (IoT) is a rapidly evolving and expanding collection of diverse technologies that interact with the physical world. Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT

Guide to Industrial Control Systems (ICS) Security - Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC)

June 7, 2011
Author(s)
Keith A. Stouffer, Joseph A. Falco, Karen A. Scarfone
NIST Special Publication (SP) 800-82, Guide to Industrial Control Systems (ICS) Security, provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems

Intrusion Detection and Prevention Systems

October 22, 2010
Author(s)
Karen A. Scarfone, Peter M. Mell
Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents. An intrusion detection and prevention system (IDPS) is software that automates the intrusion detection