Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

General Access Control Guidance for Cloud Systems: Draft NIST SP 800-210 is Available for Comment

NIST has released Draft Special Publication (SP) 800-210, "General Access Control Guidance for Cloud Systems," for public comment. The comment period is open through May 15, 2020.

NIST requests comments on Draft Special Publication (SP) 800-210, General Access Control Guidance for Cloud Systems, which presents an initial step toward understanding security challenges in cloud systems by analyzing the access control (AC) considerations in all three cloud service delivery models—Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Essential characteristics that would affect the Cloud's AC design are also summarized, such as broad network access, resource pooling, rapid elasticity, measured service, and data sharing. Various guidance for AC design of IaaS, PaaS, and SaaS are proposed according to their different characteristics. Recommendations for AC design in different cloud systems are also included to facilitate future implementations. Additionally, potential policy rules are summarized for each cloud system.

The public comment period for this document is open through May 15,2020. See the publication details for a copy of the document and instructions for submitting comments.

 

NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Released April 1, 2020