The National Cybersecurity Center of Excellence (NCCoE) announces the release of three related publications on trusted cloud and hardware-enabled security. The foundation of any data center or edge computing security strategy should be securing the platform on which data and workloads will be executed and accessed. The physical platform represents the first layer for any layered security approach and provides the initial protections to help ensure that higher-layer security controls can be trusted.

• NIST Special Publication (SP) 1800-19, Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments, presents an example of a trusted hybrid cloud solution that demonstrates how trusted compute pools leveraging hardware roots of trust can provide the necessary security capabilities for cloud workloads in addition to protecting the virtualization and application layers.

Each of the reports below, NIST IR 8320B and NIST IR 8320C, are intended to be used as a blueprint or template that the general security community can use as example proof of concept implementations.

• NIST IR 8320B, Hardware-Enabled Security: Policy-Based Governance in Trusted Container Platforms, explains an approach based on hardware-enabled security techniques and technologies for safeguarding container deployments in multi-tenant cloud environments.
• NIST IR 8320C (Initial Public Draft), Hardware-Enabled Security: Machine Identity Management and Protection, presents an approach for overcoming security challenges associated with creating, managing, and protecting machine identities, such as cryptographic keys, throughout their lifecycle.

We Want to Hear from You!

Review the initial public draft of NIST IR 8320C and submit comments online on or before June 6, 2022. You can also contact us at hwsec@nist.gov. We value and welcome your input and look forward to your comments.