U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Murugiah Souppaya (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 126

Workshop on Enhancing Security of Devices and Components Across the Supply Chain

February 18, 2025
Author(s)
Sanjay Rekhi, David Kuhn, Kim Schaffer, Murugiah Souppaya, Noah Waller, Nelson Hastings, Michael Ogata, William Barker
NIST hosted an in-person, all-day workshop on February 27, 2024, to discuss existing and emerging cybersecurity threats and mitigation techniques for semiconductors throughout their life cycle. The workshop obtained valuable feedback from industry

Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)

July 20, 2023
Author(s)
Mark Trapnell, Eric Trapnell, Murugiah Souppaya, Bob Gendler, Dan Brodjieski, Allen Golbig, Karen Scarfone, Blair Heiserman
The macOS Security Compliance Project (mSCP) provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system

Guidelines for Managing the Security of Mobile Devices in the Enterprise

May 17, 2023
Author(s)
Murugiah Souppaya, Gema Howell, Karen Scarfone, Joshua Franklin, Vincent Sritapan
Mobile devices were initially personal consumer communication devices, but they are now permanent fixtures in enterprises and are used to access modern networks and systems to process sensitive data. This publication assists organizations in managing and

Supply Chain Assurance: Validating the Integrity of Computing Devices

December 9, 2022
Author(s)
Nakia R. Grayson, Murugiah Souppaya, Andrew Regenscheid, Tim Polk, Christopher Brown, Karen Scarfone, Chelsea Deane
Product integrity and the ability to distinguish trustworthy products is a critical foundation of C-SCRM. Authoritative information regarding the provenance and integrity of components provides a strong basis for trust in a computing device whether it is a

Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases

May 4, 2022
Author(s)
Murugiah Souppaya, Michael Bartock, Karen Scarfone, Ryan Savino, Tim Knoll, Uttam Shetty, Mourad Cherfaoui, Raghu Yeluri, Don Banks, Akash Malhotra, Michael Jordan, Dimitrios Pendarakis, Peter Romness
In today's cloud data centers and edge computing, attack surfaces have shifted and, in some cases, significantly increased. At the same time, hacking has become industrialized, and most security control implementations are not coherent or consistent. The

Hardware-Enabled Security: Policy-Based Governance in Trusted Container Platforms

April 20, 2022
Author(s)
Michael Bartock, Murugiah Souppaya, Haidong Xia, Raghu Yeluri, Uttam Shetty, Brandon Lum, Mariusz Sabath, Harmeet Singh, Alaa Youssef, Gosia Steinder, Yu Cao, Jayashree Ramanathan
In today's cloud data centers and edge computing, attack surfaces have significantly increased, cyber attacks are industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing

Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments

April 20, 2022
Author(s)
Murugiah Souppaya, Michael Bartock, Karen Scarfone, Donna Dodson, Daniel Carroll, Gina Scinta, Hemma Prafullchandra, Harmeet Singh, Raghuram Yeluri, Tim Shea, Carlos Phoenix, Robert Masten, Paul Massis, Jason Malnar, Michael Dalton, Anthony Dukes, Brenda Swarts, Rajeev Ghandi, Laura Storey, Rocky Weber, Jeff Haskins
A cloud workload is an abstraction of the actual instance of a functional application that is virtualized or containerized to include compute, storage, and network resources. Organizations need to be able to monitor, track, apply, and enforce their