go to NIST home page go to CSRC home page go to Focus Areas page go to Publications page go to Advisories page go to Events page go to Site Map page go to ITL home page CSRC home page link
header image with links

Mission
Current Projects
Staff
- Archived Projects
   Random Number Generation
       & Testing
   Encryption Key Recovery
   NISS Conference
CSRC Home

 Advisories

List of Acroynms

     Projects
Cryptographic Standards
 & Applications
-  Advanced Encryption
   Standard
-  Cryptographic Toolkit
Encryption Key Recovery
   Demo. Project
-  Public Key
   Infrastructure
-  Random Number
   Generator

Security Testing
-  Automated System
   Security Evaluation Tool
-  Cryptographic Module
   Validation Program
-  IPSec
NIAP

Security Research &
Emerging Technology
-  Authorization Management &
   Advanced Access Control Models
-  Critical Infrastructure Protection
   Grants Program
-  Common Criteria
-  ICAT Vulnerability Database
-  IPSec
-  Mobile Agents Intrusion
   Detection & Security
-  Smart Card Security
   and Research

Security Management
& Guidance
-  Computer Security Expert
   Assist Team
-  Policies
-  Security Guidance

Outreach, Awareness
& Education
-  Awareness, Training
   & Education
-  CSSPAB
Federal Agencies
   Security Practices
-  Federal Computer Securty
   Program Managers' Forum
-  Small Business Computer
   Security Workshops
-  FISSEA
-  Archive of NISSC

     News & Events  
 - Federal News
 - Security Events

     Services For the: 
 - Federal Community
 - Vendor
 - User

    Links & Organizations  
 - Academic
 - Government
 - Professional
 - Additional Links

     General Information
 - Site Map
 - Virus Information

   Search CSRC
  
  
  Search Vulnerability
     Archive
   Enter vendor, software, or keyword
   
   
Karen Scarfone header image

Computer Scientist
National Institute of Standards and Technology
Computer Security Division 
Phone: 301-975-8136
Fax: 301-975-8387
E-mail address
 

Interests:

  • Intrusion detection
  • Incident response
  • Malware
  • System security

Education:

  • M.S., Computer Science, University of Idaho, 2002
  • B.S., Computer Science, University of Wisconsin-Parkside, 1993

NIST Publications:

  • SP 800-97: Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i, February 2007
  • SP 800-94: Guide to Intrusion Detection and Prevention Systems (IDPS), February 2007
  • SP 800-45 version 2: Guidelines on Electronic Mail Security, February 2007
  • SP 800-92: Guide to Computer Security Log Management, September 2006
  • SP 800-69: Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist, September 2006
  • SP 800-86: Guide to Integrating Forensic Techniques into Incident Response, August 2006
  • SP 800-77: Guide to IPsec VPNs, December 2005
  • SP 800-83: Guide to Malware Incident Prevention and Handling, November 2005
  • SP 800-68: Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist, October 2005
  • SP 800-70: Security Configuration Checklists Program for IT Products—-Guidance for Checklists Users and Developers, May 2005
  • SP 800-61: Computer Security Incident Handling Guide, January 2004

External Publications:

  • V. Hu, K. Scarfone, S. Gavrila, and D. Ferraiolo, “A Trust Domain Management Schema for Multiple Grid Environments”, to appear at the Second International Conference on Scalable Information Systems, Suzhou, China, June 2007
  • V. Hu, D. Ferraiolo, and K. Scarfone, “Access Control Policy Combinations for the Grid Using the Policy Machine”, to appear at the 7th IEEE International Symposium on Cluster Computing and the Grid, Rio de Janeiro, May 2007
  • P. Mell, S. Romanosky, and K. Scarfone, “Common Vulnerability Scoring System”, IEEE Security & Privacy, November/December 2006, pp. 85-89
  • S. Northcutt, L. Zeltser, S. Winters, K. Kent, and R. Ritchey, Inside Network Perimeter Security, Second Edition, Sams, 2005
  • K. Kent, “Preventing Widespread Malicious Code Incidents”, IAnewsletter, Vol. 7, No. 3, winter 2004/2005, pp. 6-9, 30
  • K. Kent, “The NIST Computer Security Incident Handling Guide”, IAnewsletter, Vol. 7, No. 1, spring 2004, pp. 4-7, 14
  • K. Kent, “Evaluating Network Intrusion Detection Signatures”, parts 1-3, SecurityFocus.com, September­December 2002
  • S. Northcutt, L. Zeltser, S. Winters, K. Kent Frederick, and R. Ritchey, Inside Network Perimeter Security: The Definitive Guide to Firewalls, Virtual Private Networks (VPNs), Routers, and Intrusion Detection Systems, New Riders, 2002
  • K. Kent Frederick, “Cisco IOS HTTP Authorization Vulnerability”, Sys Admin Magazine, March 2002
  • K. Kent Frederick, “Network Intrusion Detection Signatures”, parts 1-5, SecurityFocus.com, December 2001­April 2002
  • K. Frederick, “Network Monitoring for Intrusion Detection”, SecurityFocus.com, August 2001
  • E. Casey (editor), Handbook of Computer Crime Investigation: Forensic Tools and Technology, Academic Press, 2001, pp. 93-114
  • S. Northcutt, M. Fearnow, K. Frederick, and M. Cooper, Intrusion Signatures and Analysis, New Riders, 2001
  • K. Frederick, “Studying Normal Traffic”, parts 1-3, SecurityFocus.com, January­May 2001
  • K. Frederick, “Abnormal IP Packets”, SecurityFocus.com, October 2000
 :
Last updated: May 30, 2007
Page created: January 5, 2007
Disclaimer Notice & Privacy Statement / Security Notice
Send comments or suggestions to CSRC Webmaster
NIST is an Agency of the U.S. Commerce Department's Technology Administration