Karen Scarfone's Publications and Blog

Welcome! This site has links to my online publications and blog posts. Sign up to get a weekly email update when I release a new pub or blog post. And if you love what I do and want to support it, feel free to buy me a coffee!

Protecting Subscriber Identifiers with Subscription Concealed Identifier (SUCI)

This publication describes enabling SUCI protection, an optional capability new in 5G which provides important security and privacy protections for subscribers. 5G network operators are encouraged to enable SUCI on their 5G networks and subscriber SIMs and to configure SUCI to use a non-null encryption cipher scheme; this provides their customers with the advantages of SUCI’s protections.

Mapping Relationships Between Documentary Standards, Regulations, Frameworks, and Guidelines: Developing Cybersecurity and Privacy Concept Mappings

This document describes NIST’s approach to mapping the elements of documentary standards, regulations, frameworks, and guidelines to a particular NIST publication, such as CSF Subcategories or SP 800-53r5 controls. This approach is to be used to map relationships involving NIST cybersecurity and privacy publications that will be submitted via the NIST OLIR process and hosted on CPRT.

SP 1800-37, Addressing Visibility Challenges with TLS 1.3 within the Enterprise

The NCCoE is demonstrating options for maintaining visibility within the TLS 1.3 protocol within an enterprise. The project demonstrates several standards-compliant architectural options for use within enterprises to provide both real-time and post-facto systems monitoring and analytics capabilities. This publication describes the approach, architecture, and security characteristics for the demonstrated proofs of concept.