United States Government Cloud Standards Perspectives

Similar documents
NIST Cloud Computing Security Working Group

Cloud Standards: Vincent Franceschini CTO Intelligent Data Fabrics, Hitachi Data Systems Chairman Emeritus, SNIA

Dr. Eng. Antonio Mauro, PhD October 20th 2011

Click to edit Master title style

Alliance for Telecommunications Industry Solutions (ATIS)

Federal Data Center Consolidation Initiative (FDCCI) Workshop I: Initial Data Center Consolidation Plan

National Cybersecurity Challenges and NIST. Matthew Scholl Chief Computer Security Division

ALI-ABA Topical Courses ESI Retention vs. Preservation, Privacy and the Cloud May 2, 2012 Video Webcast

Federal Data Center Consolidation Initiative (FDCCI) Workshop III: Final Data Center Consolidation Plan

Updates to the NIST Cybersecurity Framework

ESFRI Strategic Roadmap & RI Long-term sustainability an EC overview

Defining the S&P Impacts of Cloud Computing? Presented by the SPWG September 20, 2012

National Preparedness System. Update for EMForum June 11, 2014

Guidance for Exchange and Medicaid Information Technology (IT) Systems

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

Topics of Discussion

Architecture and Standards Development Lifecycle

Beyond Status and plans

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

ISO/IEC TR TECHNICAL REPORT. Information technology Security techniques Information security management guidelines for financial services

National Strategy for CBRNE Standards

NIST Smart Grid Interoperability Framework

Certification Commission for Healthcare Information Technology. CCHIT A Catalyst for EHR Adoption

General Framework for Secure IoT Systems

Building an Assurance Foundation for 21 st Century Information Systems and Networks

Introduction of ISO/IEC JTC1 SC 38 & its standard work on cloud computing. Junfeng ZHAO

Executive Order & Presidential Policy Directive 21. Ed Goff, Duke Energy Melanie Seader, EEI

ISO/IEC JTC 1 N 13145

NCSF Foundation Certification

An Overview of ISO/IEC family of Information Security Management System Standards

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Physical Security Reliability Standard Implementation

IPv6 Task Force - Phase II. Welcome

Copyright 2011 EMC Corporation. All rights reserved.

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

IEEE 802 EC ITU standing committee

Innovating with Less Across the Federal IT Portfolio: The Role of Shared Services and Enterprise Architecture

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security management systems Overview and vocabulary

ISO/IEC Information technology Security techniques Code of practice for information security management

ISO/IEC INTERNATIONAL STANDARD

Cloud First Policy General Directorate of Governance and Operations Version April 2017

USE CASE STUDY. Connecting Data Through Mission. Department of Transportation (DOT) A Product of the Federal CIO Council Innovation Committee

Standardization Activities for Cloud Computing

Cybersecurity & Privacy Enhancements

RESOLUTION 47 (Rev. Buenos Aires, 2017)

ISO/IEC JTC 1/SWG 5 N 11

National Cybersecurity Center of Excellence

NIST Technologies, ongoing research and SBIR. Clara Asmail National Institute of Standards and Technology Office of Technology Partnerships

ISO/IEC INTERNATIONAL STANDARD

Metadata Framework for Resource Discovery

ENISA s Position on the NIS Directive

Toward Horizon 2020: INSPIRE, PSI and other EU policies on data sharing and standardization

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Code of practice for information security management

OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA

Framework for Improving Critical Infrastructure Cybersecurity

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

Information Security Program Audit Introduction and Survival Guide

Standards: Enabler of Sustainability

Cloud Customer Architecture for Securing Workloads on Cloud Services

DIGITIZING INDUSTRY, ICT STANDARDS TO

The U.S. National Spatial Data Infrastructure

ISO/IEC JTC 1 Study Group on Smart Cities

Directive on Security of Network and Information Systems

This document is a preview generated by EVS

ISO/IEC INTERNATIONAL STANDARD. Information technology Software asset management Part 1: Processes and tiered assessment of conformance

Track 4: Session 6 Cybersecurity Program Review

Information technology Security techniques Information security controls for the energy utility industry

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

Federal Continuous Monitoring Working Group. March 21, DOJ Cybersecurity Conference 2/8/2011

Vendor: The Open Group. Exam Code: OG Exam Name: TOGAF 9 Part 1. Version: Demo

NIST Smart Grid Activities

WHO-ITU National ehealth Strategy Toolkit

Southeast Florida Regional Climate Change Compact Update. Broward Climate Change Task Force February 16, 2017

EPA Near-port Community Capacity Building: Tools and Technical Assistance for Collaborative Solutions

Chapter 4. Fundamental Concepts and Models

THE KENYA HEALTH DATA COLLABORATIVE EXPERIENCE AND WAYFORWARD

Security Models for Cloud

Privacy hacking & Data Theft

Systems and software engineering Requirements for managers of information for users of systems, software, and services

This document is a preview generated by EVS

Organization of Scientific Area Committees for Forensic Science (OSAC)

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security management system implementation guidance

Emergency Communications Preparedness Center (ECPC) Research and Development (R&D) Focus Group (FG)

Framework for Improving Critical Infrastructure Cybersecurity. and Risk Approach

National Cybersecurity Center of Excellence (NCCoE) Energy Sector Asset Management

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

ITU-T FG-DPM: Key Activities and Future Plans

Improving Cybersecurity through the use of the Cybersecurity Framework

Re: McAfee s comments in response to NIST s Solicitation for Comments on Draft 2 of Cybersecurity Framework Version 1.1

INFORMATION ASSURANCE DIRECTORATE

Erik Puskar Standards Coordination Office 30 May, 2013 World Trade Center Moscow

JTC 101. Joint Technology Committee Meeting Naples, Florida December 4, 2013

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management

Global Standards Information. Standards Simulation Training for the USG ICES Workshop. July 6, 2010

M403 ehealth Interoperability Overview

Homeland Security Institute. Annual Report. pursuant to. Homeland Security Act of 2002

This document is a preview generated by EVS

Input on Proposals and Positions for 2016 World Telecommunication Standardization

INSPIRE status report

Transcription:

United States Government Cloud Standards Perspectives in the context of the NIST initiative to collaboratively build a USG Cloud Computing Technology Roadmap NIST Mission: To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life Robert Rathe EC-ETSI Standards in the Cloud Workshop September 28, 2011 Dawn Leaf, NIST Senior Executive for Cloud Computing

NIST Cloud Computing Program Goal Goal: Accelerate the US federal government s adoption of cloud computing Build a USG Cloud Computing Technology Roadmap which focuses on the highest priority USG cloud computing security, interoperability and portability requirements Contribute to the identification & development of standards and guidelines in close consultation and collaboration with US federal, state and local government, as well as the private sector including academia, standards developing organizations, industry, commercial and international community stakeholders; 2

NIST Cloud Computing Program Concept Strategic Program How to build a USG Cloud Computing Technology Roadmap 1. Define Target USG Cloud Computing Business Use Cases 2. Define Neutral Cloud Computing Reference Architecture & Taxonomy priorities risks obstacles 3. Generate Cloud Computing Interagency Report: Technology Roadmap USG Cloud Computing Translate Technology Roadmap Requirements list of Tactical Priorities & & Identify Gaps Deliverables Expand CC Definition ref. architecture Concurrent & Iterative 3-step process that drives tactical efforts Tactical Program NIST CC efforts Standards Working Group, SDO liaison, submissions Standards Acceleration to Jumpstart the Adoption of Cloud Computing (SAJACC) through qualitative testing of specifications against interoperability, security, and portability requirements Guidance Special Publications; technical advisor to Fed CIO Council; Cloud Security Working Group Complex Computing Simulation & Modeling Koala IaaS resource allocation algorithms 3

NIST Cloud Computing Program Timeline S T R A T E G I C May 2010 NIST CC Forum & Workshop I Outreach & Fact finding with USG, Industry, SDOs NIST CC Definition Evaluate past models & lessons learned Define fresh approach to support secure & effective USG cloud computing adoption, prioritize interoperability, portability, & security requirements, collaborate, more quickly respond to operational needs Tactical efforts Nov 2010 NIST CC Forum & Workshop II Launch CC Strategic Program Initiate Stakeholder Meetings Collaboratively define working group scope & resources Develop Refined Plan March 2011 NIST CC Forum & Workshop III Execute CC Strategic program Continue Stakeholder meetings Integrate results into tactical priorities Oct 2011 NIST CC Forum & Workshop Complete 1 st draft USG Cloud Computing Technology Roadmap Roadmap Interagency Report Assess Results & Replan 4

USG Cloud Computing Roadmap One area of Focus Standards Roadmap Inventory of Standards Relevant to CC May 2011 12 th public working group Draft NIST Cloud Computing Standards Roadmap Issued NIST SP 500-291 August 2011

NIST Cloud Computing Standards Preliminary Assessment & Contributions Assessment -- Fast changing landscape of cloud computing relevant standardization Present areas with standardization gaps include: SaaS functional interfaces; SaaS self service management interfaces; PaaS functional interfaces; business support/provisioning/configuration; and security and privacy Present standardization areas of priority to the US federal government include: security auditing and compliance; identity and access management; SaaS application specific data and metadata; and resource description and discovery STRATEGIC &TACTICAL aspects standards work needs to be relevant NIST Contributions: Two fundamental NIST special publications are under consideration by various standards bodies as the basis for formal cloud computing standards NIST Definition of Cloud Computing - Special Publication (SP) 800-145 NIST Cloud Computing Reference Architecture Special Publication (SP) 500-292 6

Definition why is it important? NIST Definition of Cloud Computing first public in 2008 Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Beyond the Definition Security in the context of more complex logical & physical system boundaries drives the need to examine service & delivery models (NIST SP 146 DRAFT Cloud Computing Synopsis and Recommendations) Most well known and broadly adopted NIST Cloud Computing contribution: NIST submitted the NIST Definition of Cloud Computing, V15, as a proposed US National Body contribution to the International Organization for Standardization/International Electrotechnical Commission -Joint Technical Committee 1/Subcommittee 38, Distributed Application Platforms & Services (JTC 1/SC 38 Cloud Computing Study Group)(Jan 2011) 7

Usefulness & relevance -- if Cloud providers map services and products because USG (& others) can compare apples to apples Cloud Consumer Cloud Auditor Security Audit Privacy Impact Audit Performance Audit USG Cloud Computing Technology Roadmap Reference Architecture why is it important? Service Layer IaaS PaaS SaaS Resource Abstraction and Control Layer Physical Resource Layer Hardware Facility Cloud Provider Cloud Carrier Cloud Service Management Business Support Provisioning/ Configuration Portability/ Interoperability Security Privacy Cloud Broker Service Intermediation Service Aggregation Service Arbitrage The Reference Architecture and Taxonomy Working Group has developed a draft neutral reference architecture that depicts a generic high level conceptual model for discussing the requirements, structures and operations of cloud computing. The model and its companion taxonomy are a basis for discussing the characteristics, uses and standards for cloud computing. Using this taxonomy, the NIST Standards Roadmap Working Group has mapped cloud computing relevant standards to portability, interoperability and security. requirements NIST

Contact Information NIST invites and welcomes you to collaborate with us in the arena of Cloud Computing! US Federal Cloud Computing references: www.cio.gov Public NIST cloud web site: http://www.nist.gov/itl/cloud/index.cfm Dawn M. Leaf Senior Executive For Cloud Computing United States Department of Commerce 100 Bureau Drive Stop 2000 Gaithersburg, MD 20899-2000 Tel: (301) 975-4500 Email: dawn.leaf@nist.gov 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback