NIST Issues Cloud Computing Guidelines for Managing Security and Privacy
From NIST Tech Beat: January 24, 2012
The National Institute of Standards and Technology (NIST) has finalized its first set of guidelines for managing security and privacy issues in cloud computing.*
Guidelines on Security and Privacy in Public Cloud Computing (NIST Special Publication 800-144) provides an overview of the security and privacy challenges facing public cloud computing and presents recommendations that organizations should consider when outsourcing data, applications and infrastructure to a public cloud environment. The document provides insights on threats, technology risks and safeguards related to public cloud environments to help organizations make informed decisions about this use of this technology.
"Public cloud computing and the other deployment models are a viable choice for many applications and services. However, accountability for security and privacy in public cloud deployments cannot be delegated to a cloud provider and remains an obligation for the organization to fulfill," said publication co-author Tim Grance.
The key guidelines include:
The publication also provides a detailed list of Federal Information Processing Standards and NIST special publications that provide materials particularly relevant to cloud computing and are recommended to be used in conjunction with SP 800-144.
The document can be downloaded from http://www.nist.gov/manuscript-publication-search.cfm?pub_id=909494.
* Guidelines on Security and Privacy in Public Cloud Computing was first issued as a draft for public comment in February 2011. See the Feb. 2 Tech Beat article, "Cloud Computing at NIST: Two New Draft Documents and a Wiki," at www.nist.gov/public_affairs/tech-beat/tb20110202.cfm#cloud.