Search Publications by: Karen Scarfone (Ctr)

Displaying 51 - 67 of 67

Guidelines on Active Content and Mobile Code

March 7, 2008
Author(s)
Wayne Jansen, Theodore Winograd, Karen A. Scarfone
Active content technologies allow code, in the form of a script, macro, or other kind of portable instruction representation, to execute when the document is rendered. Like any technology, active content can be used to deliver essential services, but it

Decentralized Trust Domain Management in Multiple Grid Environments

November 25, 2007
Author(s)
Chung Tong Hu, Karen A. Scarfone, David F. Ferraiolo
Trust domain management for the global access of a grid is managed under centralized schema for most of the current grid architectures, which are designed based on the concept that there is only one grid for every grid member, therefore requiring central

Guide to Storage Encryption Technologies for End User Devices

November 15, 2007
Author(s)
Karen A. Scarfone, Murugiah P. Souppaya, Matt Sexton
Many threats against end user devices, such as desktop and laptop computers, smart phones, personal digital assistants, and removable media, could cause information stored on the devices to be accessed by unauthorized parties. To prevent such disclosures

Guidelines on Securing Public Web Servers

October 9, 2007
Author(s)
Miles C. Tracy, Wayne Jansen, Karen A. Scarfone, Theodore Winograd
Web servers are often the most targeted and attacked hosts on organizations' networks. As a result, it is essential to secure Web servers and the network infrastructure that supports them. This document is intended to assist organizations in installing

Improving the Common Vulnerability Scoring System

September 28, 2007
Author(s)
Peter M. Mell, Karen A. Scarfone
The Common Vulnerability Scoring System is an emerging standard for scoring the impact of vulnerabilities. This paper presents the results of our analysis of the scoring system and the results of our experiment scoring a large set of vulnerabilities using

Guide to Secure Web Services

August 29, 2007
Author(s)
Anoop Singhal, Theodore Winograd, Karen A. Scarfone
The advance of Web services technologies promises to have far-reaching effects on the Internet and enterprise networks. Web services based on the eXtensible Markup Language (XML), SOAP, and related open standards, and deployed in Service Oriented

A Complete Guide to the Common Vulnerability Scoring System Version 2.0

July 30, 2007
Author(s)
Peter M. Mell, Karen A. Scarfone, Sasha Romanosky
The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. CVSS consists of three groups: Base, Temporal and Environmental. Each group produces a numeric score ranging

CVSS-SIG Version 2 History

July 30, 2007
Author(s)
Peter M. Mell, Karen A. Scarfone, Gavin Reid
This document attempts to interpret the history and rationale behind changes made in the Common Vulnerability Scoring System (CVSS) from version 1 to version 2 (referred to as CVSS v1 and v2 in this document). This document contains multiple appendices

Securing Radio Frequency Identification (RFID) Systems

May 17, 2007
Author(s)
Karen A. Scarfone
Radio frequency identification (RFID) is a form of automatic identification and data capture technology that uses electric or magnetic fields at radio frequencies to transmit information. An RFID system can be used to identify many types of objects, such

Access Control Policy Combinations for the Grid Using the Policy Machine

May 14, 2007
Author(s)
Vincent C. Hu, David F. Ferraiolo, Karen A. Scarfone
Many researchers have tackled the architecture and requirements aspects of grid security, concentrating on the authentication or authorization mediation instead of authorization techniques, especially the topic of policy combination. Policy combination is

Guide to Intrusion Detection and Prevention Systems (IDPS)

February 20, 2007
Author(s)
Karen A. Scarfone, Peter M. Mell
The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. This publication seeks to assist

Guidelines on Electronic Mail Security

February 20, 2007
Author(s)
Miles C. Tracy, Wayne Jansen, Karen A. Scarfone, Jason Butterfield
This document was developed in furtherance of NIST's statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. The purpose of the publication is to recommend security practices for designing

Guide to Computer Security Log Management

September 13, 2006
Author(s)
Karen A. Scarfone, Murugiah Souppaya
The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. This publication seeks to assist

Guide to Integrating Forensic Techniques into Incident Response

September 1, 2006
Author(s)
Timothy Grance, Suzanne Chevalier, Karen A. Scarfone, Hung Dang
This publication is intended to help organizations in investigating computer security incidents and troubleshooting some information technology (IT) operational problems by providing practical guidance on performing computer and network forensics. The