
NISTIR 8320 (Draft)

Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases (2nd Draft)

Date Published: October 27, 2021
Comments Due: December 6, 2021 (public comment period is CLOSED)
Email Questions to: hwsec@nist.gov

Author(s)

Michael Bartock (NIST), Murugiah Souppaya (NIST), Ryan Savino (Intel), Tim Knoll (Intel), Uttam Shetty (Intel), Mourad Cherfaoui (Intel), Raghuram Yeluri (Intel), Akash Malhotra (AMD Product Security and Strategy Group), Don Banks (Arm Advanced Technology Group), Michael Jordan (IBM), Dimitrios Pendarakis (IBM), J. R. Rao (IBM), Peter Romness (Cisco), Karen Scarfone (Scarfone Cybersecurity)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) has released three new draft reports on hardware-enabled security and trusted cloud for public comment. The foundation of any cloud data center or edge computing security strategy should be securing the platform on which data and workloads will be executed and accessed. The physical platform provides the initial protections to help ensure that higher-layer security controls can be trusted.

The three new draft reports are:

  • 2nd Draft NIST Internal Report (IR) 8320, Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases, examines hardware-enabled security techniques and technologies that can improve platform security and data protection for cloud data centers and edge computing.
  • Draft NIST IR 8320B, Hardware-Enabled Security: Policy-Based Governance in Trusted Container Platforms, explains an approach for safeguarding container deployments in multi-tenant cloud environments, as well as a prototype implementation of the approach.
  • Draft NIST Special Publication (SP) 1800-19, Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments, describes an example solution for using trusted compute pools leveraging hardware roots of trust to monitor, track, apply, and enforce security and privacy policies on cloud workloads.

The public comment period for these drafts is open through December 6, 2021. See each of the publication details for copies of the drafts and instructions for submitting comments.

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

confidential computing; container; hardware-enabled security; hardware security module (HSM); secure enclave; trusted execution environment (TEE); trusted platform module (TPM); virtualization

Control Families

None selected

Documentation

Publication:
NISTIR 8320 (Draft) (DOI)
Local Download

Supplemental Material:
None available

Other Parts of this Publication:
NISTIR 8320A (Draft)

Document History:
04/28/20: White Paper NIST CSWP 14 ipd (Draft)
05/27/21: NISTIR 8320 (Draft)
10/27/21: NISTIR 8320 (Draft)
05/04/22: NISTIR 8320 (Final)

Topics

Security and Privacy
roots of trust

Technologies
cloud & virtualization; hardware