U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Karen Scarfone (Ctr)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 126 - 147 of 147

Guide to Secure Web Services

August 29, 2007
Author(s)
Anoop Singhal, Theodore Winograd, Karen A. Scarfone
The advance of Web services technologies promises to have far-reaching effects on the Internet and enterprise networks. Web services based on the eXtensible Markup Language (XML), SOAP, and related open standards, and deployed in Service Oriented

A Complete Guide to the Common Vulnerability Scoring System Version 2.0

July 30, 2007
Author(s)
Peter M. Mell, Karen A. Scarfone, Sasha Romanosky
The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. CVSS consists of three groups: Base, Temporal and Environmental. Each group produces a numeric score ranging

CVSS-SIG Version 2 History

July 30, 2007
Author(s)
Peter M. Mell, Karen A. Scarfone, Gavin Reid
This document attempts to interpret the history and rationale behind changes made in the Common Vulnerability Scoring System (CVSS) from version 1 to version 2 (referred to as CVSS v1 and v2 in this document.) This document contains multiple appendices

Securing Radio Frequency Identification (RFID) Systems

May 17, 2007
Author(s)
Karen A. Scarfone
Radio frequency identification (RFID) is a form of automatic identification and data capture technology that uses electric or magnetic fields at radio frequencies to transmit information. An RFID system can be used to identify many types of objects, such

Access Control Policy Combinations for the Grid Using the Policy Machine

May 14, 2007
Author(s)
Vincent C. Hu, David F. Ferraiolo, Karen A. Scarfone
Many researchers have tackled the architecture and requirements aspects of grid security, concentrating on the authentication or authorization mediation instead of authorization techniques, especially the topic of policy combination. Policy combination is

Guide to Intrusion Detection and Prevention Systems (IDPS)

February 20, 2007
Author(s)
Karen A. Scarfone, Peter M. Mell
The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. This publication seeks to assist

Guidelines on Electronic Mail Security

February 20, 2007
Author(s)
Miles C. Tracy, Wayne Jansen, Karen A. Scarfone, Jason Butterfield
This document was developed in furtherance of NIST's statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. The purpose of the publication is to recommend security practices for designing

Guide to Computer Security Log Management

September 13, 2006
Author(s)
Karen A. Scarfone, Murugiah Souppaya
The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information security Management Act (FISMA) of 2002, Public Law 107-347. This publication seeks to assist

Guide to Integrating Forensic Techniques into Incident Response

September 1, 2006
Author(s)
Timothy Grance, Suzanne Chevalier, Karen A. Scarfone, Hung Dang
This publication is intended to help organizations in investigating computer security incidents and troubleshooting some information technology (IT) operational problems by providing practical guidance on performing computer and network forensics. The