Karen Scarfone's Publications and Blog

Welcome! This site has links to my online publications and blog posts. Sign up to get a weekly email update when I release a new pub or blog post.

5G Cybersecurity (Executive Summary)

As the first volume of the practice guide, this document summarizes the most significant cybersecurity and privacy recommendations identified thus far from our research on this project. For more information, project goals and implementation details are being documented in a second NIST Cybersecurity Practice Guide Volume B. In addition, detailed information on 5G cybersecurity and privacy capabilities is also being published as part of a white paper series.

Ransomware Risk Management CSF 2.0 Profile

NIST IR 8374 reflects changes made to the Cybersecurity Framework (CSF) from CSF 1.1 to CSF 2.0 which identifies security objectives that support managing, detecting, responding to, and recovering from ransomware events. You can use this publication to gauge your organization’s readiness to counter ransomware threats, mitigate potential consequences of a ransomware event, and to develop a ransomware countermeasure playbook.

Protecting Subscriber Identifiers with Subscription Concealed Identifier (SUCI)

This publication describes enabling SUCI protection, an optional capability new in 5G which provides important security and privacy protections for subscribers. 5G network operators are encouraged to enable SUCI on their 5G networks and subscriber SIMs and to configure SUCI to use a non-null encryption cipher scheme; this provides their customers with the advantages of SUCI’s protections.
Load More