Date Published: October 27, 2021
Comments Due:
Email Questions to:
Author(s)
Michael Bartock (NIST), Murugiah Souppaya (NIST), Haidong Xia (Intel), Raghuram Yeluri (Intel), Uttam Shetty (Intel), Brandon Lum (IBM), Mariusz Sabath (IBM), Harmeet Singh (IBM), Alaa Youssef (IBM), Gosia Steinder (IBM), Yu Cao (Red Hat), Jayashree Ramanathan (Red Hat)
Announcement
The National Cybersecurity Center of Excellence (NCCoE) has released three new draft reports on hardware-enabled security and trusted cloud for public comment. The foundation of any cloud data center or edge computing security strategy should be securing the platform on which data and workloads will be executed and accessed. The physical platform provides the initial protections to help ensure that higher-layer security controls can be trusted.
The three new draft reports are:
- 2nd Draft NIST Internal Report (IR) 8320, Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases, examines hardware-enabled security techniques and technologies that can improve platform security and data protection for cloud data centers and edge computing.
- Draft NIST IR 8320B, Hardware-Enabled Security: Policy-Based Governance in Trusted Container Platforms, explains an approach for safeguarding container deployments in multi-tenant cloud environments, as well as a prototype implementation of the approach.
- Draft NIST Special Publication (SP) 1800-19, Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments, describes an example solution for using trusted compute pools leveraging hardware roots of trust to monitor, track, apply, and enforce security and privacy policies on cloud workloads.
The public comment period for these drafts is open through December 6, 2021. See each of the publication details for copies of the drafts and instructions for submitting comments.
NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
In today’s cloud data centers and edge computing, attack surfaces have significantly increased, cyber attacks are industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing security strategy should be securing the platform on which data and workloads will be executed and accessed. The physical platform represents the foundation for any layered security approach and provides the initial protections to help ensure that higher-layer security controls can be trusted. This report explains an approach based on hardware-enabled security techniques and technologies for safeguarding container deployments in multi-tenant cloud environments. It also describes a prototype implementation of the approach intended to be a blueprint or template for the general security community.
In today’s cloud data centers and edge computing, attack surfaces have significantly increased, cyber attacks are industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing security strategy should be securing the...
See full abstract
In today’s cloud data centers and edge computing, attack surfaces have significantly increased, cyber attacks are industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing security strategy should be securing the platform on which data and workloads will be executed and accessed. The physical platform represents the foundation for any layered security approach and provides the initial protections to help ensure that higher-layer security controls can be trusted. This report explains an approach based on hardware-enabled security techniques and technologies for safeguarding container deployments in multi-tenant cloud environments. It also describes a prototype implementation of the approach intended to be a blueprint or template for the general security community.
Hide full abstract
Keywords
cloud; container; hardware-enabled security; hardware root of trust; platform security; trusted compute pool; virtualization
Control Families
None selected