U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Tim Grance (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 46

An Access Control Scheme for Big Data Processing

November 11, 2014
Author(s)
Chung Tong Hu, Timothy Grance, David F. Ferraiolo, David R. Kuhn
Access Control (AC) systems are among the most critical of network security components. A system's privacy and security controls are more likely to be compromised due to the misconfiguration of access control policies rather than the failure of

Computer Security Incident Handling Guide

August 6, 2012
Author(s)
Paul R. Cichonski, Thomas Millar, Timothy Grance, Karen Scarfone
Computer security incident response has become an important component of information technology (IT) programs. Security-related threats have become not only more numerous and diverse but also more damaging and disruptive. An incident response capability is

Cloud Computing Synopsis and Recommendations

May 29, 2012
Author(s)
Mark L. Badger, Timothy Grance, Robert Patt-Corner, Jeffrey M. Voas
This document reprises the NIST-established definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides guidelines and recommendations on how organizations

Guidelines on Security and Privacy in Public Cloud Computing

December 9, 2011
Author(s)
Timothy Grance, Wayne Jansen
Cloud computing can and does mean different things to different people. The common characteristics most interpretations share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from

The NIST Definition of Cloud Computing

September 28, 2011
Author(s)
Peter M. Mell, Timothy Grance
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with

Cyber Security Standards

June 15, 2009
Author(s)
Karen A. Scarfone, Daniel R. Benigni, Timothy Grance
The goal of cyber security standards is to improve the security of information technology (IT) systems, networks, and critical infrastructures. A cyber security standard defines both functional and assurance requirements within a product, system, process

A Framework for Measuring the Vulnerability of Hosts

June 30, 2008
Author(s)
Karen A. Scarfone, Timothy Grance
This paper proposes a framework for measuring the vulnerability of individual hosts based on current and historical operational data for vulnerabilities and attacks. Previous approaches have not been scalable because they relied on complex manually

Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities

September 21, 2006
Author(s)
Timothy Grance, Tamara Nolan, Kristin Burke, Rich Dudley, Gregory White, Travis Good
The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. This publication seeks to assist

Guide to Integrating Forensic Techniques into Incident Response

September 1, 2006
Author(s)
Timothy Grance, Suzanne Chevalier, Karen A. Scarfone, Hung Dang
This publication is intended to help organizations in investigating computer security incidents and troubleshooting some information technology (IT) operational problems by providing practical guidance on performing computer and network forensics. The

Personal Identity Verification (PIV) of Federal Employees and Contractors

February 1, 2005
Author(s)
William C. Barker, James F. Dray Jr., Ramaswamy Chandramouli, Teresa T. Schwarzhoff, William T. Polk, Donna F. Dodson, Ketan L. Mehta, S Gupta, William E. Burr, Timothy Grance
[Superseded by FIPS 201-1 (March 2006): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=50836] FIPS 201 specifies the technical and operational requirements for interoperable PIV systems that issue smart cards as identification credentials and