Search Publications by: Celia Paulsen (Fed)

Displaying 1 - 25 of 26

Key Practices in Cyber Supply Chain Risk Management: Observations from Industry

February 11, 2021
Author(s)
Jon M. Boyens, Celia Paulsen, Nadya Bartol, Kris Winkler, James Gimbi
In today's highly connected, inter-dependent world, all organizations rely on others for critical products and services. However, the reality of globalization, while providing many benefits, has resulted in a world where organizations no longer fully

Impact Analysis Tool for Interdependent Cyber Supply Chain Risks

August 25, 2020
Author(s)
Celia Paulsen, Jon M. Boyens, Jeffrey Ng, Kris Winkler, James Gimbi
As awareness of cybersecurity supply chain risks grows among federal agencies, there is a greater need for tools that evaluate the impacts of a supply chain-related cyber event. This can be a difficult activity, especially for those organizations with

Case Studies in Cyber Supply Chain Risk Management: Anonymous Consumer Goods Company

February 4, 2020
Author(s)
Jon M. Boyens, Celia Paulsen, Nadya Bartol, Kris Winkler, James Gimbi
The Case Studies in Cyber Supply Chain Risk Management series engaged with several companies that are leaders in managing cyber supply chain risk. These case studies build on the Best Practices in Cyber Supply Chain Risk Management case studies originally

Case Studies in Cyber Supply Chain Risk Management: Anonymous Renewable Energy Company

February 4, 2020
Author(s)
Jon M. Boyens, Celia Paulsen, Nadya Bartol, Kris Winkler, James Gimbi
The Case Studies in Cyber Supply Chain Risk Management series engaged with several companies that are leaders in managing cyber supply chain risk. These case studies build on the Best Practices in Cyber Supply Chain Risk Management case studies originally

Case Studies in Cyber Supply Chain Risk Management: Mayo Clinic

February 4, 2020
Author(s)
Jon M. Boyens, Celia Paulsen, Nadya Bartol, Kris Winkler, James Gimbi
The Case Studies in Cyber Supply Chain Risk Management series engaged with several companies that are leaders in managing cyber supply chain risk. These case studies build on the Best Practices in Cyber Supply Chain Risk Management case studies originally

Case Studies in Cyber Supply Chain Risk Management: Palo Alto Networks, Inc.

February 4, 2020
Author(s)
Jon M. Boyens, Celia Paulsen, Nadya Bartol, Kris Winkler, James Gimbi
The Case Studies in Cyber Supply Chain Risk Management series engaged with several companies that are leaders in managing cyber supply chain risk. These case studies build on the Best Practices in Cyber Supply Chain Risk Management case studies originally

Case Studies in Cyber Supply Chain Risk Management: Seagate Technology

February 4, 2020
Author(s)
Jon M. Boyens, Celia Paulsen, Nadya Bartol, Kris Winkler, James Gimbi
The Case Studies in Cyber Supply Chain Risk Management series engaged with several companies that are leaders in managing cyber supply chain risk. These case studies build on the Best Practices in Cyber Supply Chain Risk Management case studies originally

Glossary of Key Information Security Terms

July 3, 2019
Author(s)
Celia Paulsen, Robert D. Byers
This publication describes an online glossary of terms used in National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) publications. This glossary utilizes a database of terms extracted from NIST Federal

The Trouble with Terms

December 1, 2018
Author(s)
Celia Paulsen
Thousands of new words have been invented in the last decade to help us talk about technology. An analysis of the NIST glossary database shows insights into how we invent and define these words, and the impact of those definitions.

Putting First Things First – A Model Process for Criticality Analysis

June 26, 2018
Author(s)
Celia Paulsen, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information found in NISTIR 8179: Criticality Analysis Process Model, which describes a structured method of prioritizing programs, systems, and components based on their importance to the goals of an organization and the

Criticality Analysis Process Model

April 9, 2018
Author(s)
Celia Paulsen, Jon M. Boyens, Nadya Bartol, Kris Winkler
In the modern world, where complex systems and systems-of-systems are integral to the functioning of society and businesses, it is increasingly important to be able to understand and manage risks that these systems and components may present to the

Computer Science in Education 2018

February 14, 2018
Author(s)
Jeff Voas, D. Richard Kuhn, Celia Paulsen, Kim B. Schaffer
We surveyed six of our profession's best senior computer science educators for their views on the current state and trends in computer science education.

Educating Next-Gen Computer Scientists

January 31, 2018
Author(s)
Jeff Voas, D. Richard Kuhn, Celia Paulsen, Kim B. Schaffer
Just as yeast, flour, water, and salt are to bread, algorithms, data structures, operating systems, database design, compiler design, and programming languages were computer science (CS) education's core ingredients in past years. Then, universities led

Fundamentals of Small Business Information Security

March 15, 2017
Author(s)
Celia Paulsen, Gregory A. Witte, Larry Feldman
This bulletin summarizes the information in NISTIR 7621, Revision 1: Small Business Information Security: The Fundamentals. The bulletin presents the fundamentals of a small business information security program.

Small Business Information Security: The Fundamentals

November 3, 2016
Author(s)
Patricia R. Toth, Celia Paulsen
NIST developed this NISTIR as a reference guideline for small businesses. This document is intended to present the fundamentals of a small business information security program in non-technical language.

Password policy languages: usable translation from the informal to the formal

July 21, 2015
Author(s)
Michelle P. Steves, Mary F. Theofanos, Celia Paulsen, Athos Ribeiro
Password policies – documents which regulate how users must create, manage, and change their passwords – can have complex and unforeseen consequences on organizational security. Since these policies regulate user behavior, users must be clear as to what is

Increasing Visibility and Control of Your ICT Supply Chains

June 15, 2015
Author(s)
Jon M. Boyens, Celia Paulsen, Larry Feldman, Greg Witte
This bulletin summarizes the information presented in NIST SP 800-161, Supply Chain Management Practices for Federal Information Systems and Organizations, written by Jon Boyens and Celia Paulsen. The publication provides guidance to federal agencies on

Is Your Replication Device Making An Extra Copy For Someone Else?

April 16, 2015
Author(s)
Celia Paulsen, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information presented in NISTIR 8023, Risk Management for Replication Devices, written by Celia Paulsen and Kelley Dempsey. The publication provides guidance on protecting the confidentiality, integrity, and availability of

Risk Management for Replication Devices

February 23, 2015
Author(s)
Kelley L. Dempsey, Celia Paulsen
This publication provides guidance on protecting the confidentiality, integrity, and availability of information processed, stored, or transmitted on replication devices (RDs). It suggests appropriate countermeasures in the context of the System

Notional Supply Chain Risk Management Practices for Federal Information Systems

October 16, 2012
Author(s)
Jon M. Boyens, Celia Paulsen, Nadya Bartol, Rama Moorthy, Stephanie Shankles
This publication is intended to provide a wide array of practices that, when implemented, will help mitigate supply chain risk to federal information systems. It seeks to equip federal departments and agencies with a notional set of repeatable and