U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

SP 800-210 (Draft)

General Access Control Guidance for Cloud Systems

Date Published: April 2020
Comments Due: May 15, 2020 (public comment period is CLOSED)
Email Questions to: sp800-210-comments@nist.gov

Author(s)

Vincent Hu (NIST), Michaela Iorga (NIST), Wei Bao (University of Arkansas), Ang Li (University of Arkansas), Qinghua Li (University of Arkansas), Antonios Gouglidis (Lancaster University)

Announcement

This draft guidance presents an initial step toward understanding security challenges in cloud systems by analyzing the access control (AC) considerations in all three cloud service delivery models—Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Essential characteristics that would affect the Cloud's AC design are also summarized, such as broad network access, resource pooling, rapid elasticity, measured service, and data sharing. Various guidance for AC design of IaaS, PaaS, and SaaS are proposed according to their different characteristics. Recommendations for AC design in different cloud systems are also included to facilitate future implementations. Additionally, potential policy rules are summarized for each cloud system.

NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

access control; access control mechanism; Cloud; cloud systems
Control Families

None selected

Documentation

Publication:
SP 800-210 (Draft) (DOI)
Local Download

Supplemental Material:
None available

Document History:
04/01/20: SP 800-210 (Draft)
07/31/20: SP 800-210 (Final)