NIST issued two new draft documents on cloud computing for public comment, including the first set of guidelines for managing security and privacy issues in cloud computing. The agency also has set up a new NIST Cloud Computing Collaboration site on the Web to enable two-way communication among the cloud community and NIST cloud research working groups.
Here are the two documents:
- NIST Definition of Cloud Computing (NIST Special Publication (SP) 800-145). SP 800-145 may be downloaded for review from here.
- Guidelines on Security and Privacy in Public Cloud Computing (SP 800-144) provides an overview of the security and privacy challenges for public cloud computing and presents recommendations that organizations should consider when outsourcing data, applications and infrastructure to a public cloud environment. These recommendations are divided into the following areas:
- Governance
- Compliance
- Trust
- Architecture
- Identity & Access Management
- Software Isolation
- Data Protection
- Availability
- Incident Response
Public comments are requested on this publication as well. SP 800-144 may be downloaded for review from here.
To learn more on Cloud Computing, risks and vendor selection, head over to my three part essay, here, here and here.
No comments:
Post a Comment