Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Murugiah Souppaya (Fed)

Displaying 51 - 75 of 126

Security Considerations for Code Signing

January 26, 2018

Author(s)

David Cooper, Andrew Regenscheid, Murugiah Souppaya

A wide range of software products (also known as code)--including firmware, operating systems, mobile applications, and application container images--must be distributed and updated in a secure and automatic way to prevent forgery and tampering. Digitally

NIST Guidance on Application Container Security

October 25, 2017

Author(s)

Ramaswamy Chandramouli, Murugiah Souppaya, Karen Scarfone

This bulletin summarizes the information found in NIST SP 800-190, Application Container Security Guide and NISTIR 8176, Security Assurance Requirements for Linux Application Container Deployments. The bulletin offers an overview of application container

Application Container Security Guide

September 25, 2017

Author(s)

Murugiah P. Souppaya, John Morello, Karen Scarfone

Application container technologies, also known as containers, are a form of operating system virtualization combined with application software packaging. Containers provide a portable, reusable, and automatable way to package and run applications. This

Guide for Cybersecurity Incident Recovery

February 21, 2017

Author(s)

Murugiah P. Souppaya, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in NIST SP 800-184: Guide for Cybersecurity Event Recovery. The publication provides organizations with strategic guidance for planning, playbook developing, testing and improvements of recovery planning

Guide for Cybersecurity Event Recovery

December 22, 2016

Author(s)

Michael Bartock, Jeffrey Cichonski, Murugiah Souppaya, Matthew C. Smith, Gregory Witte, Karen Scarfone

In light of an increasing number of cybersecurity events, organizations can improve resilience by ensuring that their risk management processes include comprehensive recovery planning. Identifying and prioritizing organization resources helps to guide

Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist

December 8, 2016

Author(s)

Mark L. Badger, Murugiah Souppaya, Mark R. Trapnell, Eric R. Trapnell, Dylan J. Yaga, Karen Scarfone

This publication assists IT professionals in securing Apple OS X 10.10 desktop and laptop systems within various environments. It provides detailed information about the security features of OS X 10.10 and security configuration guidelines. The publication

National Checklist Program for IT Products: Guidelines for Checklist Users and Developers

December 8, 2016

Author(s)

Stephen D. Quinn, Murugiah P. Souppaya, Melanie R. Cook, Karen Scarfone

A security configuration checklist is a document that contains instructions or procedures for configuring an information technology (IT) product to an operational environment, for verifying that the product has been configured properly, and/or for

Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security

July 29, 2016

Author(s)

Murugiah P. Souppaya, Karen Scarfone

For many organizations, their employees, contractors, business partners, vendors, and/or others use enterprise telework or remote access technologies to perform work from external locations. All components of these technologies, including organization

User's Guide to Telework and Bring Your Own Device (BYOD) Security

July 29, 2016

Author(s)

Murugiah P. Souppaya, Karen Scarfone

Many people telework, and they use a variety of devices, such as desktop and laptop computers, smartphones, and tablets, to read and send email, access websites, review and edit documents, and perform many other tasks. Each telework device is controlled by

Best Practices for Privileged User PIV Authentication

April 21, 2016

Author(s)

Hildegard Ferraiolo, David Cooper, Andrew R. Regenscheid, Karen Scarfone, Murugiah P. Souppaya

The Cybersecurity Strategy and Implementation Plan (CSIP), published by the Office of Management and Budget (OMB) on October 30, 2015, requires that federal agencies use Personal Identity Verification (PIV) credentials for authenticating privileged users

Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research

January 20, 2016

Author(s)

Michael J. Bartock, Jeffrey A. Cichonski, Murugiah P. Souppaya, Paul Fox, Mike Miller, Ryan Holley, Karen Scarfone

This report documents proof of concept research for Derived Personal Identity Verification (PIV) Credentials. Smart card-based PIV Cards cannot be readily used with most mobile devices, such as smartphones and tablets, but Derived PIV Credentials (DPCs)

Securing Interactive and Automated Access Management Using Secure Shell (SSH)

January 11, 2016

Author(s)

Murugiah P. Souppaya, Karen Scarfone, Larry Feldman

This bulletin summarizes the information presented in NISTIR 7966, "Security of Interactive and Automated Access Management Using Secure Shell (SSH)". The publication assists organizations in understanding the basics of SSH interactive and automated access

Stopping Malware and Unauthorized Software through Application Whitelisting

December 15, 2015

Author(s)

Adam Sedgewick, Murugiah Souppaya, Karen Scarfone, Larry Feldman

This bulletin summarizes the information presented in NIST Special Publication 800-167, "Guide to Application Whitelisting," written by Adam Sedgewick, Murugiah Souppaya and Karen Scarfone. The publication is intended to assist organizations in