Date Published: August 2018
Comments Due: September 30, 2018
Email Comments to: trusted-cloud-nccoe@nist.gov
Author(s)
Donna Dodson (NIST), Daniel Carroll (Dell/EMC), Gina Scinta (Gemalto), Hemma Prafullchandra (HyTrust), Harmeet Singh (IBM), Raghuram Yeluri (Intel), Tim Shea (RSA), Carlos Phoenix (VMware)
Announcement
The National Cybersecurity Center of Excellence (NCCoE) at NIST recognizes the need to address security and privacy challenges for the use of shared cloud services in hybrid cloud architectures, and has launched this project. This project is using commercially available technologies to develop a cybersecurity reference design that can be implemented to increase security and privacy for cloud workloads on hybrid cloud platforms.
This project will demonstrate how the implementation and use of trusted compute pools not only will provide assurance that workloads in the cloud are running on trusted hardware and are in a trusted geolocation, but also will improve the protections for the data within workloads and flowing between workloads. This project will result in a NIST Cybersecurity Practice Guide - a publicly available description of the solution and practical steps needed to implement a cybersecurity reference design that addresses this challenge.
Cloud services can provide organizations the opportunity to increase their flexibility, availability, resiliency, and scalability, which they can use in turn to increase security, privacy, efficiency, responsiveness, innovation, and competitiveness.
The core impediments to an organization’s broader adoption of cloud technologies are the ability to protect its information and virtual assets in the cloud, and to have sufficient visibility so it can conduct oversight and ensure that it (and its cloud provider) are complying with applicable laws and business practices.
The National Cybersecurity Center of Excellence (NCCoE) at NIST built a laboratory environment using commercial off-the-shelf technology and cloud services to safeguard the security and privacy of an organization’s applications and data being run within or transferred between private and hybrid/public clouds.
The full NIST Cybersecurity Practice Guide being developed for this project will demonstrate how organizations can implement trusted compute pools in order to enforce and monitor their security and privacy policies on their cloud workloads and meet compliance requirements as specified in NIST Special Publication 800-53 and the Cybersecurity Framework.
Cloud services can provide organizations the opportunity to increase their flexibility, availability, resiliency, and scalability, which they can use in turn to increase security, privacy, efficiency, responsiveness, innovation, and competitiveness. The core impediments to an organization’s...
See full abstract
Cloud services can provide organizations the opportunity to increase their flexibility, availability, resiliency, and scalability, which they can use in turn to increase security, privacy, efficiency, responsiveness, innovation, and competitiveness.
The core impediments to an organization’s broader adoption of cloud technologies are the ability to protect its information and virtual assets in the cloud, and to have sufficient visibility so it can conduct oversight and ensure that it (and its cloud provider) are complying with applicable laws and business practices.
The National Cybersecurity Center of Excellence (NCCoE) at NIST built a laboratory environment using commercial off-the-shelf technology and cloud services to safeguard the security and privacy of an organization’s applications and data being run within or transferred between private and hybrid/public clouds.
The full NIST Cybersecurity Practice Guide being developed for this project will demonstrate how organizations can implement trusted compute pools in order to enforce and monitor their security and privacy policies on their cloud workloads and meet compliance requirements as specified in NIST Special Publication 800-53 and the Cybersecurity Framework.
Hide full abstract
Keywords
cloud computing; cybersecurity; infrastructure as a service (IaaS); security and privacy policies; virtualization
Control Families
None selected