Cloud computing has become the core accelerator of US Government digital business transformation. NIST is establishing a Multi-Cloud Security Public Working Group (MCSPWG) to research best practices for securing complex cloud solutions involving multiple service providers and multiple clouds.
The White House Executive Order on Improving the Nation's Cybersecurity highlights that “the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life” by focusing “the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid.” The MCSPWG research will focus on a) identifying the challenges of implementing secure multi-cloud systems and b) developing guidance and best practice for mitigating the identified challenges.
The US federal agencies were further encouraged by the Cloud Smart Federal Computing Strategy to accelerate cloud adoption and modernize their IT infrastructures, leverage cloud technology scalability and speed-to-market by expanding and diversifying their cloud portfolio to incorporate multi-party (multi-providers) cloud solutions. Many organizations in adopting these cloud solutions, which can include services provided by different cloud service providers often with support from third-party entities, are faced with added security and privacy implementation challenges.
The MCSPWG Charter provides additional information on MCSPWG including the planned work and the rules of engagement for participation and subscription to the mailing list below.
Credits: Annie Sokol ANNIE SOKOLIT Specialist NIST ITL/CSD/SSA
|
Credits: Brian Ruf BRIAN RUFDirector of Cybersecurity Easy Dynamics
|
Credits: Nida Davis Dr. NIDA DAVISDirector Security Architecture MICROSOFT
|
Credits: Ned Goren NED GORENIT Specialist NIST ITL/CSD/SERM
|
---|
Mailing List: NIST is maintaining the mailing list: mcspwg@list.nist.gov for communication among subscribed members.
Join the mailing list to receive notices about MCSPWG meetings and other updates by sending an email from the email address you want to subscribe to mcspwg+subscribe@list.nist.gov.
You will receive an automated e-mail from mcspwg+subconfirm@list.nist.gov asking you to reply to the e-mail if you would like to continue with your join request. This second step is necessary for confirming your subscription to the mailing list.
To unsubscribe from the mailing list, send an email to mcspwg+unsubscribe@list.nist.gov from the subscribed email address.
If you have difficulties joining the mailing list, contact us at mcsec@nist.gov.
The mailing lists are for discussion related to MCSPWG activities.
Files should not be distributed on the mailing lists, rather they should be posted on the available collaboration site(s) and a link shared via the mailing list.
NIST moderates the mailing lists and reserves the right to:
The mailing lists are not to be used for promotional announcements, advertising, product-related press releases, or other commercial use.
Do not send messages that contain abusive or vulgar content, spam, hate speech, personal attacks, or similar content.
Security and Privacy: access authorization, access control, authentication, general security & privacy, privacy engineering, risk assessment, system authorization, systems security engineering, threats
Technologies: cloud & virtualization