Home / News / NIST Puts Cloud Security Guidelines Up for Debate

NIST Puts Cloud Security Guidelines Up for Debate

Photo: www.free-photos-pictures.com

The National Institute of Standards and Technology has been thinking cloud for a while — but now, NIST is getting serious about hammering out clear security requirements for Web-based computing applications and services.

NIST was tasked by federal Chief Information Officer Vivek Kundra with accelerating the formation of security guidelines to fast-track the federal adoption of the cloud. Kundra has been a high-profile federal advocate of cloud computing, announcing late last year a “cloud-first” policy for federal agencies.

And now, NIST is opening up the floor for public comments. The proposal, “Guidelines on Security and Privacy in Public Cloud Computing,” highlights security and privacy challenges related to public cloud computing as well as what steps organizations should take when migrating to the cloud.

“Cloud computing can and does mean different things to different people,” the report said, acknowledging that for all the progress made, “cloud computing remains a work in progress.”

One public cloud security pitfall seems like a no-brainer: Oftentimes, cloud providers are not aware of an agency or organization’s actual security needs. And, the solution seems just as clear-cut.

“Organizations should require that any selected public cloud computing solution is configured, deployed and managed to meet their security, privacy and other requirements,” the guidelines state.

Along with the security guidelines, NIST offered a clear-cut definition for cloud computing. NIST’s report includes five “essential” characteristics to identify what falls under the scope of the cloud:

On-demand self service, broad network access, resource pooling, rapid elasticity and measured service.

The recommended security guidelines and the cloud definition are open to comments from the public. NIST also launched a cloud-computing collaboration website to provide information and to further the dialogue between government researchers, agency technology chiefs and the broader public.

Check Also

VA Incorporating Customer Experience Principles Into CFR’s Core Values Section

The Department of Veterans Affairs is set to add a set of customer experience principles to the core values and characteristics section of its Code of Federal Regulations, Nextgov reported Friday. “Maintaining a sustained organizational commitment to, and institutionalized focus on, the voice of the customer is a critical component of modernizing VA to meet the needs and expectations of veterans, their families, caregivers and survivors,” according to the final rule scheduled for publication on Federal Register Monday.

Leave a Reply

Your email address will not be published. Required fields are marked *