This report presents four important security practices that are practical and effective for improving the cybersecurity posture of cloud-deployed information technology (IT) systems. These practices help to address the risks, threats, and vulnerabilities that organizations face in deploying or moving applications and systems to a cloud service provider (CSP). The practices address cloud security issues that consumers are experiencing, illustrated by several recent cloud security incidents. The report demonstrates the practices through examples using cloud services available from Amazon Web Service (AWS), Microsoft, and Google. The presented practices are geared toward small and medium-sized organizations; however, all organizations, independent of size, can use these practices to improve the security of their cloud usage. The focus here is on hybrid deployments where some IT applications deploy or move to a CSP while other IT applications remain in the organization's data center. Small and medium-sized organizations likely have limited resources; where possible, these practices describe implementation approaches that may be effective in limited-resource situations.
The Industrial Internet of Things (IIoT) refers to the application of instrumentation and connected sensors and other devices to machinery and vehicles in the transport, energy, and other critical infrastructure sectors. In the energy sector, distributed energy resources (DERs) such as solar photovoltaics including sensors, data transfer and communications systems, instruments, and other commercially available devices that are networked together. DERs introduce information exchanges between a utility's distribution control system and the DERs to manage the flow of energy in the distribution grid.
Many public safety organizations (PSOs) are adopting mobile devices, such as smartphones and tablets, to enable field access to sensitive information for first responders. Most recent mobile devices support one or more forms of biometrics for authenticating users. This report examines how first responders could use mobile device biometrics in authentication and what the unsolved challenges are. This report was developed in joint partnership between the National Cybersecurity Center of Excellence (NCCoE) and the Public Safety Communications Research (PSCR) Division at NIST.
Abstract: This document describes a specification of security services for distributed applications in the Defense Information Infrastructure (DII) Common Operating Environment (COE). Security services include identification and authentication, encryption, access control, and auditing. The security services are referred to as the COE security services API (COE SS API). The document includes a high-level description of the COE SS API, a formal Java-based specification, a mapping from the specification to the C and Java programming languages, and sample applications to demonstrate how the COE SS API can be used. Appendixes are as follows: Java Specification for the COE SS API, Java Programming Language Mapping, Sample Java Programs, C Language Mapping, and Sample C Programs.
Papers by Don Faatz