NIST Issues Set Of Guidelines For Managing Security, Privacy Issues In The Cloud

The National Institute of Standards and Technology (NIST) has issued two new draft documents on cloud computing for public comment, including the first set of guidelines for managing security and privacy issues in cloud computing. The agency also has set up a new NIST Cloud Computing Collaboration site on the Web to enable two-way communication among the cloud community and NIST cloud research working groups.

United States Chief Information Officer Vivek Kundra asked NIST to accelerate the federal government's secure adoption of cloud computing by leading efforts to develop standards and guidelines in collaboration with standards bodies, the private sector and other stakeholders. These new draft documents and the collaboration site are part of NIST's work to fulfill that mission.

NIST has been researching cloud computing for several years and has been documenting a definition of cloud computing on its web page. Researchers have now published A NIST Definition of Cloud Computing (NIST Special Publication (SP) 800-145). NIST scientists are looking for feedback to determine if this definition remains valid or needs modification. SP 800-145 may be downloaded for review from http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf, and comments on suggested changes or enhancements should be sent to 800-145comments@nist.gov no later than February 28.

Guidelines on Security and Privacy in Public Cloud Computing (SP 800-144) provides an overview of the security and privacy challenges for public cloud computing and presents recommendations that organizations should consider when outsourcing data, applications and infrastructure to a public cloud environment. The key guidelines recommended to federal departments and agencies, and applicable to the private sector, include:

Carefully plan the security and privacy aspects of cloud computing solutions before engaging them.

Understand the public cloud computing environment offered by the cloud provider and ensure that a cloud computing solution satisfies organizational security and privacy requirements.

Ensure that the client-side computing environment meets organization security and privacy requirements for cloud computing.

Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.

Public comments are requested on this publication. SP 800-144 may be downloaded for review from http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf, and suggested changes or enhancements should be sent to 800-144comments@nist.gov no later than February 28.

To further foster the cloud community's collaboration aimed to enhance the federal government's secure adoption of cloud computing, NIST also has created the NIST Cloud Computing Collaboration Site at http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/.

This site provides general information about NIST's cloud computing program and an up-to-date listing of cloud computing events. One set of pages are used by the NIST-sponsored Cloud Computing working groups. These groups, which are open to all those who wish to register and participate, were established during the November 2010 Cloud Computing Forum and Workshop II, and include Business Use Cases, Reference Architecture and Taxonomy, Standards Roadmap, Standards Acceleration to Jumpstart the Adoption of Cloud Computing (SAJACC), and Cloud Security.

Each working group's page provides descriptions of the group's task, weekly meeting information and working documents. To contribute to the TWiki, register from the link on the main NIST Cloud Computing Program website at http://www.nist.gov/itl/cloud/.

Featured

  • Progressing in Capabilities

    Progressing in Capabilities

    Hazardous areas within industries like oil and gas, manufacturing, agriculture and the like, have long-sought reliable video surveillance cameras and equipment that can operate safely in these harsh and unpredictable environments. Read Now

  • A Comprehensive Nationwide Solution

    A Comprehensive Nationwide Solution

    Across the United States, manufacturing facilities, distribution centers, truck yards, parking lots and car dealerships all have a common concern. They are targets for catalytic converters. In nearly every region, cases of catalytic converter thefts have skyrocketed. Read Now

  • Planning for Your Perimeter

    Planning for Your Perimeter

    The perimeter is an organization’s first line of defense and a critical element of any security and surveillance program. Even if a building’s interior or exterior security is strong, without a solid perimeter surveillance approach any company or business is vulnerable. Read Now

  • The Key Issue

    The Key Issue

    It is February 2014. A woman is getting ready in her room on a cruise ship when she hears a knock on the door; it is a crewmember delivering breakfast. She is not presentable so she tells him to leave it by the door. Read Now

Featured Cybersecurity

New Products

  • Pivot3 Surety

    Pivot3 Surety

    Pivot3 has announced Surety, a new intelligent software framework to simplify the management and monitoring of physical security environments. 3

  • SAFR® from RealNetworks

    SAFR® from RealNetworks

    A unique feature in SAFR version 3.4 is its ability to automate alerts to security personnel when a spoofing attempt or a fraudulent attempt to gain access is detected. 3

  • Dahua 2-Wire IP Video Intercom System

    Dahua 2-Wire IP Video Intercom System

    Dahua Technology is introducing a new line of expandable 2-wire IP video intercom solutions for the North America market. The New 2-wire IP video intercom is more advanced, cost effective, and designed to help businesses increase their security. 3