Enter to open, tab to navigate, enter to select
NIST Publishes Draft Cloud Computing Security Guide for Comment
Practical Law Legal Update 9-531-8065 (Approx. 3 pages)
NIST Publishes Draft Cloud Computing Security Guide for Comment
by PLC Intellectual Property & Technology
| Published on 12 Jun 2013 • USA (National/Federal) |
The National Institute of Standards and Technology (NIST) has published for public comment draft NIST Cloud Computing Reference Architecture (NIST SP 500-299) providing proposed guidance on cloud computing security.
On June 11, 2013, the National Institute of Standards and Technology (NIST) published draft guidance on security for cloud computing. The guidance, NIST Cloud Computing Security Reference Architecture (NIST SP 500-299), focuses on cloud computing by federal government agencies and outlines a comprehensive security model that:
- Supplements the NIST Cloud Computing Reference Architecture (NIST SP 500-292) published in 2011.
- Takes into account and applies to all:
- cloud service models (Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS));
- cloud deployment models, including public, private, community and hybrid cloud networks; and
- cloud actors, including consumers, providers, brokers, carriers and auditors of cloud-based services.
- Aims to demystify the process of selecting cloud-based services.
- Introduces a cloud-adapted Risk Management Framework for applications and services migrated to the cloud.
- Provides a case study that guides users through the steps a federal government agency follows when using the cloud-adapted Risk Management Framework in migrating a typical application to the cloud.
Directed to the use of cloud computing by federal government agencies, this NIST draft can also serve as a useful tool for organizations in the private sector.
NIST has requested comments on the draft guidance and will accept comments received by July 12, 2013.