NIST Cloud Computing Program

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "NIST Cloud Computing Program"

Transcription

1 NIST Program USG Roadmap Top 10 high priority requirements to accelerate USG adoption of the model NIST Mission: To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life Robert Rathe CASC, February 29, 2012 Robert Bohn, Program Manager NIST 1 Program

2 Unchanged: NIST Program Goal Accelerate the federal government s adoption of cloud computing* Build a USG Roadmap which focuses on the highest priority USG cloud computing security, interoperability and portability requirements Lead efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector, and other stakeholders * REF 2 NIST 2 Program

3 S T R A T E G I C NIST CC Definition May 2010 Workshop I REVISITING NIST CLOUD COMPUTING PROGRAM (PHASE 1) INITIATIVE TO BUILD A USG CLOUD COMPUTING TECHNOLOGY ROADMAP Outreach & Fact finding with USG, Industry, SDOs Evaluate past models & lessons learned Define fresh approach to support secure & effective USG cloud computing adoption, prioritize interoperability, portability, & security requirements, collaborate, more quickly respond to operational needs Tactical efforts Nov 2010 Workshop II Launch CC Strategic Program Initiate Stakeholder Meetings Collaboratively define working group scope & resources Refine Plan March 2011 Workshop III Execute CC Strategic program Continue Stakeholder meetings Integrate results into tactical priorities How to build a USG Roadmap 1. Define Target USG Use Cases 2. Define Neutral Reference Architecture & Taxonomy 3. Generate Roadmap Translate Requirements & Identify Gaps Oct 2011 Workshop IV Complete 1 st draft USG Roadmap Interagency Report Assess Results & Replan 3 NIST 3 Program

4 Volume I - Highlights USG Roadmap requirements* - high priorities to further USG Adoption: Requirement 1: International voluntary consensus based interoperability, portability and security standards Requirement 2: Solutions for high priority Security Requirements Top 10 High Priority USG Requirements to accelerate secure & effective cloud adoption (interoperability, portability, security) And.There are practical reasons why the requirements that are needed for USG agencies to securely & effectively deploy the model are also needed by the broad cloud computing stakeholder community Requirement 3: Technical specifications to enable development of consistent, high quality Service Level Agreements Requirement 4: Clearly and consistently categorized cloud services Requirement 5: Frameworks to support seamless implementation of federated community cloud environments Requirement 6: Technical security solutions which are decoupled from organizational policy decisions Requirement 7: Defined unique government regulatory requirements, technology gaps, and solutions Requirement 8: Collaborative parallel strategic future cloud development initiatives Requirement 9: Defined and implemented reliability design goals Requirement 10: Defined and implemented cloud service metrics NIST 4 Program *relationship to interoperability, portability, and security 4 guidance, standards, & technology highlighted in roadmap

5 Security Privacy Volume II - Highlights Useful Information for Adopters Summary of the work completed November 2010 through September 2011 in projects & working groups Analysis supports high priority requirements introduced in Volume I References to detailed publications & external work NIST Reference Architecture (& Taxonomy) SP Sept 2011 Summary of USG target business use case templates & initial set SAJACC technical use case summary spec 1 spec 2 Specifications Use Cases Case 1 Case 2 Validation Exercises Spec 1 Test 1 Spec 2 Test 2 Spec n Test n Standards Roadmap SP July 2011 standards & gap analysis Consumer Auditor Securit y Audit Privacy Impact Audit Perfor mance Audit Service Layer IaaS SaaS PaaS Resource Abstraction and Control Layer Physical Resource Hardware Layer Facility Provider Carrier Community Outreach Service Manage ment Business Support Provisio ning/ Configur ation Portabili ty/ Interoper ability NIST Standards Portal Use Cases Validated Specifications standards Existing Standards Working Groups information Reference Implementations Standards Development Organizations High Priority Security Requirements - challenges, requirements overview, risk mitigation measures Other related work - Reliability Research in -based Complex Systems Koala SLA taxonomy, Broker Service Intermed iation Service Aggregat ion Service Arbitrag e NIST 5 Program

6 We have practical opportunities to leverage our efforts one is identifying complementary efforts the NIST Roadmap refers to as Priority Action Plans 6 Strategic Program (continue phase 1 activities and ) How to build a USG Roadmap 1. Define Target USG Business Use Cases 2. REFINE & APPLY Neutral CC Reference Architecture & Taxonomy priorities risks obstacles 3. UPDATE Roadmap Translate Requirements & Identify Gaps Vendors map services NIST Tactical Program USG Roadmap... leverage Priority Action Plans (PAPs) selected for self-tasking by Stakeholder Community Assess & Track: USG CC High Priority Requirements met by Priority Action Plans (self-tasked by NIST and other CC stakeholders) Rqmt 1: International consensus interoperability, security, portability standards Rqmt 2: Solutions for High Priority Security requirements Rqmt 3: Technical Specifications to enable high quality SLAs. Rqmt 10: Defined and Implemented cloud service metrics Integrate results into tactical priorities Measure Results NIST Program

7 USG Roadmap requirements - high priorities to further USG Adoption: Encourage standards & compensate with Service Level Agreements to require demonstration of data/system portability between providers Requirement 1: International voluntary consensus based interoperability, portability and security standards (interoperability, portability, and security standards) Requirement 2: Solutions for high priority Security Requirements (security technology) Recommended Priority Action Plans are tactical as well as strategic Examples of Priority Action Plans & interim solutions to apply while cloud solutions are maturing Request that cloud service vendors map their offerings to a common reference (i.e. NIST Reference Architecture) so that it is easier to compare services Define unique USG/mission/sector/business Requirements (e.g. 508 compliance, e-discovery, record retention) Requirement 3: Technical specifications to enable development of consistent, high quality Service Level Agreements (interoperability, portability, and security standards and guidance) Requirement 4: Clearly and consistently categorized cloud services (interoperability and portability guidance and technology) Requirement 5: Frameworks to support seamless implementation of federated community cloud environments (interoperability and portability guidance and technology) Requirement 6: Technical security solutions which are de-coupled from organizational policy decisions (security guidance, standards and technology) Requirement 7: Defined unique government regulatory requirements, technology gaps, and solutions (interoperability, portability and security technology) Requirement 8: Collaborative parallel strategic future cloud development initiatives (interoperability, portability, and security technology) Requirement 9: Defined and implemented reliability design goals (interoperability, portability, and security technology) Requirement 10: Defined and implemented cloud service metrics (interoperability and portability standards) 7 NIST 7 Program

8 NIST COMPUTING PROGRAM TIMELINE (PHASE 2) 8 S T R A T E G I C Analyze Phase 1 working group & project results Complete 1 st draft for public comment USG Roadmap Version 1 SP Nov 2011 Workshop IV Re-Assess Progress & Phase 2 Plan March 2012 Workshop V Initiate Program Phase II Integrate & track USG Roadmap Priority Action Plans (PAPs) with external stakeholders Integrate results into tactical priorities Measure Results Nov 2012 Workshop VI USG Roadmap Version 2 Tactical efforts Public & Federal Standards & working groups Standards liaison, SAJACC, FedRamp & other technical advisory, Guidance, Koala NIST Special Pubs Guidelines on Security and Privacy Definition of CC Synopsis & Recommendations CC Standards Roadmap CC Reference Architecture USG CC Roadmap Draft NIST Program Planned NIST Special Pubs Challenging Security Requirements for US Government CC Adoption Revised USG CC Roadmap Vol I High-priority requirements to Further USG Agency CC Adoption 2. Vol II Useful Information for Adopters 3. Draft Vol. III Technical Considerations for USG CC Deployment Decisions

9 9 NIST invites you to collaborate with us on! US Federal references: Public NIST cloud web site: United States Department of Commerce National Institute of Standards and Information Laboratory 100 Bureau Drive Stop 2000 Gaithersburg, MD Tel: (301) , NIST Program

Highlights & Next Steps

Highlights & Next Steps USG Cloud Computing Technology Roadmap Highlights & Next Steps NIST Mission: To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways

More information

A New Way to Compute or: How I Learned to Stop Worrying and Love the Cloud

A New Way to Compute or: How I Learned to Stop Worrying and Love the Cloud A New Way to Compute or: How I Learned to Stop Worrying and Love the Cloud Robert Bohn NIST March 7, 2012 DC/SLA Washington, DC Chapter History Cloud" is borrowed from telephony. Telecoms once offered

More information

The NIST Cloud Computing Program

The NIST Cloud Computing Program The NIST Cloud Computing Program Robert Bohn Information Technology Laboratory National Institute of Standards and Technology October 12, 2011 Information Technology Laboratory Cloud 1 Computing Program

More information

Cloud Computing A NIST Perspective & Beyond. Robert Bohn, PhD Advanced Network Technologies Division

Cloud Computing A NIST Perspective & Beyond. Robert Bohn, PhD Advanced Network Technologies Division Cloud Computing A NIST Perspective & Beyond Robert Bohn, PhD Advanced Network Technologies Division ISACA National Capital Area Chapter Arlington, VA, USA 17 March 2015 Cloud Program Overview Launch &

More information

Moving to the Cloud: NIST Vision and Initiatives

Moving to the Cloud: NIST Vision and Initiatives Moving to the Cloud: NIST Vision and Initiatives part of the US Federal Cloud Computing Strategy Dawn Leaf NIST Senior Executive for Cloud Computing March 16, 2011 Gaithersburg, Maryland, USA NIST Mission:

More information

NIST Cloud Computing Program Activities

NIST Cloud Computing Program Activities NIST Cloud Computing Program Overview The NIST Cloud Computing Program includes Strategic and Tactical efforts which were initiated in parallel, and are integrated as shown below: NIST Cloud Computing

More information

Cloud Computing A NIST Perspective and Beyond. Robert Bohn, PhD Advanced Network Technologies Division

Cloud Computing A NIST Perspective and Beyond. Robert Bohn, PhD Advanced Network Technologies Division Cloud Computing A NIST Perspective and Beyond Robert Bohn, PhD Advanced Network Technologies Division CASC Fall Meeting 2014 17 September 2014 Federal IT Strategies 2 The NIST Cloud Computing Program Goal

More information

CLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs

CLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs CLOUD SERVICE LEVEL AGREEMENTS Meeting Customer and Provider needs Eric Simmon January 28 th, 2014 BACKGROUND Federal Cloud Computing Strategy Efficiency improvements will shift resources towards higher-value

More information

NIST Cloud Computing Security Reference Architecture (SP 500-299 draft)

NIST Cloud Computing Security Reference Architecture (SP 500-299 draft) NIST Cloud Computing Security Reference Architecture (SP 500-299 draft) NIST Cloud Computing Security Working Group Dr. Michaela Iorga, NIST Senior Security Technical Lead for Cloud Computing Chair, NIST

More information

US Government Cloud Computing Technology Roadmap Volume II Release 1.0 (Draft)

US Government Cloud Computing Technology Roadmap Volume II Release 1.0 (Draft) Special Publication 500-293 (Draft) US Government Cloud Computing Technology Roadmap Volume II Release 1.0 (Draft) Useful Information for Cloud Adopters Lee Badger, Robert Bohn, Shilong Chu, Mike Hogan,

More information

Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs)

Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs) Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs) Robert Bohn, PhD Advanced Network Technologies Division Cloud FS Americas 2015 New York,

More information

Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC)

Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC) Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC) Lee Badger Dawn Leaf Dec. 7, 2010 : Mission To promote U.S. innovation and industrial competitiveness by advancing measurement science,

More information

US Government Cloud Computing Technology Roadmap Volume I

US Government Cloud Computing Technology Roadmap Volume I Special Publication 500-293 US Government Cloud Computing Technology Roadmap Volume I High-Priority Requirements to Further USG Agency Cloud Computing Adoption Lee Badger, David Bernstein, Robert Bohn,

More information

A Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011

A Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011 A Strawman Model NIST Cloud Computing Reference Architecture and Taxonomy Working Group January 3, 2011 Objective Our objective is to define a neutral architecture consistent with NIST definition of cloud

More information

Document: NIST CCSRWG 092. First Edition

Document: NIST CCSRWG 092. First Edition NIST Cloud Computing Standards Roadmap Document: NIST CCSRWG 092 First Edition July 5, 2011 Special Publication 500 291 NIST Cloud Computing Standards Roadmap National Institute of Standards and Technology

More information

The Road to Cloud Standards via a Reference Architecture

The Road to Cloud Standards via a Reference Architecture The Road to Cloud Standards via a Reference Architecture Robert Bohn NIST Information Technology Laboratory MAGIC Meeting NCO/NITRD June 1, 2011 2 Background Technological Maturity Economic Standards Driven

More information

National Institute of Standards and Technology

National Institute of Standards and Technology Special Publication 500 291 NIST Cloud Computing Standards Roadmap National Institute of Standards and Technology NIST Cloud Computing Standards Roadmap Working Group Michael Hogan Fang Liu Annie Sokol

More information

US Government Cloud Computing Technology Roadmap Volume I Release 1.0 (Draft)

US Government Cloud Computing Technology Roadmap Volume I Release 1.0 (Draft) Special Publication 500-293 (Draft) US Government Cloud Computing Technology Roadmap Volume I Release 1.0 (Draft) High-Priority Requirements to Further USG Agency Cloud Computing Adoption Lee Badger, David

More information

NIST Cloud Computing Reference Architecture

NIST Cloud Computing Reference Architecture NIST Cloud Computing Reference Architecture Version 1 March 30, 2011 2 Acknowledgements This reference architecture was developed and prepared by Dr. Fang Liu, Jin Tong, Dr. Jian Mao, Knowcean Consulting

More information

NIST Strategy to build a USG Cloud Computing Technology Roadmap

NIST Strategy to build a USG Cloud Computing Technology Roadmap NIST Strategy to build a USG Cloud Computing Technology Roadmap The National Institute of Standards and Technology (NIST) has been has been asked by the United States Chief Information Officer to assume

More information

NIST Cloud Computing Reference Architecture & Taxonomy Working Group

NIST Cloud Computing Reference Architecture & Taxonomy Working Group NIST Cloud Computing Reference Architecture & Taxonomy Working Group Robert Bohn Information Technology Laboratory June 21, 2011 2 Outline Cloud Background Objective Working Group background NIST Cloud

More information

Public Cloud Workshop Offerings

Public Cloud Workshop Offerings Cloud Perspectives a division of Woodward Systems Inc. Public Cloud Workshop Offerings Cloud Computing Measurement and Governance in the Cloud Duration: 1 Day Purpose: This workshop will benefit those

More information

The Cloud Seen from the U.S.A.

The Cloud Seen from the U.S.A. The Cloud Seen from the U.S.A. Stephen R. Bell, Counselor to the U.S. Coordinator, International Communications and Information Policy, U.S. Department of State OUTLINE Commercial drivers of Cloud services

More information

Applying Business Architecture to the Cloud

Applying Business Architecture to the Cloud Applying Business Architecture to the Cloud Mike Rosen, Chief Scientist Mike.Rosen@ WiltonConsultingGroup.com Michael Rosen Agenda n What do we mean by the cloud? n Sample architecture and cloud support

More information

NIST Cloud Computing Standards Roadmap

NIST Cloud Computing Standards Roadmap Special Publication 500-291, Version 2 NIST Cloud Computing Standards Roadmap NIST Cloud Computing Standards Roadmap Working Group NIST Cloud Computing Program Information Technology Laboratory This page

More information

Cloudy with Showers of Business Opportunities and a Good Chance of. Security. Transforming the government IT landscape through cloud technology

Cloudy with Showers of Business Opportunities and a Good Chance of. Security. Transforming the government IT landscape through cloud technology Dr. Michaela Iorga, Senior Security Technical Lead for Cloud Computing Co-Chair, Cloud Security WG Co-Chair, Cloud Forensics Science WG Cloudy with Showers of Business Opportunities and a Good Chance of

More information

GAO INFORMATION TECHNOLOGY REFORM. Progress Made but Future Cloud Computing Efforts Should be Better Planned

GAO INFORMATION TECHNOLOGY REFORM. Progress Made but Future Cloud Computing Efforts Should be Better Planned GAO July 2012 United States Government Accountability Office Report to the Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security, Committee

More information

A Special Report Cloud Computing

A Special Report Cloud Computing A Special Report Cloud Computing Report on Cloud Computing used in the Aerospace and Defense Industry 1 Important Disclaimer: The Aerospace Industries Association of America, Inc. ( AIA ) has no intellectual

More information

Shared Services Canada and Cloud Computing Architecture Framework Advisory Committee

Shared Services Canada and Cloud Computing Architecture Framework Advisory Committee Shared Services Canada and Cloud Computing Architecture Framework Advisory Committee Transformation, Service Strategy and Design December 17, 2012 Agenda TOPICS PRESENTER(S) 9:00 9:15 Opening Remarks and

More information

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity Cybersecurity Framework Executive Order 13636 Improving Critical Infrastructure Cybersecurity National Institute of Standards and Technology (NIST) Mission To promote U.S. innovation and industrial competitiveness

More information

Cloud Computing Actionable Standards An Overview of Cloud Specifications

Cloud Computing Actionable Standards An Overview of Cloud Specifications Computing Actionable Standards An Overview of Specifications Computing Broker Inter- Computing IaaS PaaS SaaS IaaS PaaS SaaS Web Data Web Data Michael Behrens, CTO, R2AD, LLC Eugene Luster, Standards Architect,

More information

Scott Renda Office of Management and Budget www.whitehouse.gov/omb/egov

Scott Renda Office of Management and Budget www.whitehouse.gov/omb/egov Cloud Computing Briefing Scott Renda Office of Management and Budget www.whitehouse.gov/omb/egov Cloud Computing Basics Style of computing Cloud Computing: What Does it Mean? Close public/private sector

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

CLOUD COMPUTING. Agencies Need to Incorporate Key Practices to Ensure Effective Performance

CLOUD COMPUTING. Agencies Need to Incorporate Key Practices to Ensure Effective Performance United States Government Accountability Office Report to Congressional Requesters April 2016 CLOUD COMPUTING Agencies Need to Incorporate Key Practices to Ensure Effective Performance GAO-16-325 April

More information

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information

More information

Cloud Computing Best Practices. Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service

Cloud Computing Best Practices. Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service Cloud Computing Best Practices Cloud Computing Best Practices Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service Overview Cloud Computing

More information

Shared Services Canada. Cloud Computing

Shared Services Canada. Cloud Computing Shared Services Canada Cloud Computing Architecture Framework Advisory Committee Transformation, Service Strategy and Design January 28, 2013 1 Agenda TIME TOPICS PRESENTER(S) 09:00 9:15 Opening Remarks

More information

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. Gunnar Wahlgren 1, Stewart Kowalski 2 Stockholm University 1: (wahlgren@dsv.su.se), 2: (stewart@dsv.su.se) ABSTRACT

More information

JA to support the ehealth Network

JA to support the ehealth Network JA to support the ehealth Network ehealth Network & ehgi Directive 2011/24/EU of the European Parliament and of the Council on the application of patients` rights in cross-border healtcare 08.05.2015 2

More information

Cloud Computing Technology

Cloud Computing Technology Cloud Computing Technology The Architecture Overview Danairat T. Certified Java Programmer, TOGAF Silver danairat@gmail.com, +66-81-559-1446 1 Agenda What is Cloud Computing? Case Study Service Model Architectures

More information

Shared Services Canada (SSC)

Shared Services Canada (SSC) Shared Services Canada (SSC) Cloud Computing Architecture Identity, Credential & Access Architecture Framework Advisory Committee Transformation, Service Strategy and Design August 29, 2013 1 Agenda TIME

More information

Cloud Computing are you ready?

Cloud Computing are you ready? Cloud Computing are you ready? Steven Krenz ITSM Practice Lead Agenda Introduction Presentation Topics The traditional Data Center: How it compares to The Cloud Cloud Computing and IT Service Management:

More information

Seeing Though the Clouds

Seeing Though the Clouds Seeing Though the Clouds A PM Primer on Cloud Computing and Security NIH Project Management Community Meeting Mark L Silverman Are You Smarter Than a 5 Year Old? 1 Cloud First Policy Cloud First When evaluating

More information

Audit of the CFPB s Acquisition and Contract Management of Select Cloud Computing Services

Audit of the CFPB s Acquisition and Contract Management of Select Cloud Computing Services O F F I C E O F IN S P E C TO R GENERAL Audit Report 2014-IT-C-016 Audit of the CFPB s Acquisition and Contract Management of Select Cloud Computing Services September 30, 2014 B O A R D O F G O V E R

More information

US Government Driven Cloud. A panel discussion including: DMTF, Cloud Security Alliance, NIST and SNIA

US Government Driven Cloud. A panel discussion including: DMTF, Cloud Security Alliance, NIST and SNIA US Government Driven Cloud Computing Standards A panel discussion including: DMTF, Cloud Security Alliance, NIST and SNIA Lee Badger: Computer Scientist, Computer Security Division, National Institute

More information

Industry Consultation Note Cloud Management Office. Industry Consultation Note - Cloud Management Office (CMO)

Industry Consultation Note Cloud Management Office. Industry Consultation Note - Cloud Management Office (CMO) Industry Consultation Note - Cloud Management Office (CMO) MeghRaj Policy Government of India views Information and Communication Technology (ICT) as an opportunity to achieve its vision for sustainable

More information

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Victoria Yan Pillitteri Advisor for Information Systems Security

More information

Key Management Challenges in a Cloud Ecosystem

Key Management Challenges in a Cloud Ecosystem Key Management Challenges in a Cloud Ecosystem A Discussion Starter Based on the Cloud Security WG s Research - Dr. Michaela Iorga, NIST (presenting) Anil Karmel, C2 Lab, Inc. (presenting) Juanita Koilpilai,

More information

Cloud Security Alliance and Standards. Jim Reavis Executive Director March 2012

Cloud Security Alliance and Standards. Jim Reavis Executive Director March 2012 Cloud Security Alliance and Standards Jim Reavis Executive Director March 2012 About the CSA Global, not for profit, 501(c)6 organization Over 32,000 individual members, 120 corporate members, 60 chapters

More information

Expert Reference Series of White Papers. Understanding NIST s Cloud Computing Reference Architecture: Part II

Expert Reference Series of White Papers. Understanding NIST s Cloud Computing Reference Architecture: Part II Expert Reference Series of White Papers Understanding NIST s Cloud Computing Reference Architecture: Part II info@globalknowledge.net www.globalknowledge.net Understanding NIST s Cloud Computing Reference

More information

A Comprehensive Study on Cloud Computing Standardization

A Comprehensive Study on Cloud Computing Standardization A Comprehensive Study on Cloud Computing Standardization Dr. Mukesh Chandra Negi Project Manager, Tech Mahindra Ltd, Noida, India ABSTRACT: Standard is a trust between standardization body, buyers and

More information

Strengthening America s Data Agency. DOC Update and Response to CDAC Recommendations

Strengthening America s Data Agency. DOC Update and Response to CDAC Recommendations Strengthening America s Data Agency DOC Update and Response to CDAC Recommendations 1 Data Introduction & Strategic Plan Revision 2 Review of DOC Data Goal and Strategic Objectives Strategic Goal: Maximize

More information

U.S. HOUSE OF REPRESENTATIVES SUBCOMMITTEE ON TECHNOLOGY AND INNOVATION COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY HEARING CHARTER

U.S. HOUSE OF REPRESENTATIVES SUBCOMMITTEE ON TECHNOLOGY AND INNOVATION COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY HEARING CHARTER U.S. HOUSE OF REPRESENTATIVES SUBCOMMITTEE ON TECHNOLOGY AND INNOVATION COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY HEARING CHARTER The Next IT Revolution?: Cloud Computing Opportunities and Challenges

More information

Emerging Approaches in a Cloud-Connected Enterprise: Containers and Microservices

Emerging Approaches in a Cloud-Connected Enterprise: Containers and Microservices Emerging Approaches in a -Connected Enterprise: Containers and Microservices Anil Karmel Co-Founder and CEO, C2 Labs Co-Chair, NIST Security Working Group akarmel@c2labs.com @anilkarmel Emerging Technologies

More information

Document NIST XXX-0XX. First Working Draft. October 31, 2011. Draft October 31, 20011 Draft

Document NIST XXX-0XX. First Working Draft. October 31, 2011. Draft October 31, 20011 Draft NIST US Government Cloud Computing Technology Roadmap Volume III Technical Considerations for USG Cloud Computing Deployment Decisions Document NIST XXX-0XX First Working Draft Draft October 31, 20011

More information

When Security, Privacy and Forensics Meet in the Cloud

When Security, Privacy and Forensics Meet in the Cloud When Security, Privacy and Forensics Meet in the Cloud Dr. Michaela Iorga, Senior Security Technical Lead for Cloud Computing Co-Chair, Cloud Security WG Co-Chair, Cloud Forensics Science WG March 26,

More information

DEPARTMENT AGENCY STATEMENT OF OBJECTIVES FOR CLOUD MIGRATION SERVICES: INVENTORY, APPLICATION MAPPING, AND MIGRATION PLANNING MONTH YYYY TEMPLATE

DEPARTMENT AGENCY STATEMENT OF OBJECTIVES FOR CLOUD MIGRATION SERVICES: INVENTORY, APPLICATION MAPPING, AND MIGRATION PLANNING MONTH YYYY TEMPLATE DEPARTMENT AGENCY STATEMENT OF OBJECTIVES FOR CLOUD MIGRATION SERVICES: INVENTORY, APPLICATION MAPPING, AND MIGRATION PLANNING MONTH YYYY TEMPLATE 1 Introduction and Instructions This sample Statement

More information

Integrating Project Management and Service Management

Integrating Project Management and Service Management Integrating Project and Integrating Project and By Reg Lo with contributions from Michael Robinson. 1 Introduction Project has become a well recognized management discipline within IT. is also becoming

More information

The NIST Definition of Cloud Computing (Draft)

The NIST Definition of Cloud Computing (Draft) Special Publication 800-145 (Draft) The NIST Definition of Cloud Computing (Draft) Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance NIST Special Publication

More information

NICE and Framework Overview

NICE and Framework Overview NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to

More information

NIST Coordination and Acceleration of Smart Grid Standards. Tom Nelson National Institute of Standards and Technology 8 December, 2010

NIST Coordination and Acceleration of Smart Grid Standards. Tom Nelson National Institute of Standards and Technology 8 December, 2010 NIST Coordination and Acceleration of Smart Grid Standards Tom Nelson National Institute of Standards and Technology 8 December, 2010 The Electric Grid One of the largest, most complex infrastructures

More information

Allison Stanton Director of E-Discovery U.S. Department of Justice, Civil Division

Allison Stanton Director of E-Discovery U.S. Department of Justice, Civil Division Allison Stanton Director of E-Discovery U.S. Department of Justice, Civil Division Jason R. Baron Director of Litigation National Archives and Records Administration 1 Overview Cloud Computing Defined

More information

December 8, 2011. Security Authorization of Information Systems in Cloud Computing Environments

December 8, 2011. Security Authorization of Information Systems in Cloud Computing Environments December 8, 2011 MEMORANDUM FOR CHIEF INFORMATION OFFICERS FROM: SUBJECT: Steven VanRoekel Federal Chief Information Officer Security Authorization of Information Systems in Cloud Computing Environments

More information

Preface Introduction

Preface Introduction Preface Introduction Cloud computing is revolutionizing all aspects of technologies to provide scalability, flexibility and cost-effectiveness. It has become a challenge to ensure the security of cloud

More information

NIST Cybersecurity Framework Overview

NIST Cybersecurity Framework Overview NIST Cybersecurity Framework Overview Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2nd ENISA International Conference on Cyber Crisis Cooperation and Exercises Executive Order

More information

Cloud Brokerage Industry Day August 2, 2012. Panel Questions & Answers

Cloud Brokerage Industry Day August 2, 2012. Panel Questions & Answers Cloud Brokerage Industry Day August 2, 2012 Panel Questions & Answers Contents This presentation contains discussion questions and notes from the panelist responses for the GSA Cloud Brokerage Industry

More information

6 Cloud computing overview

6 Cloud computing overview 6 Cloud computing overview 6.1 General ISO/IEC 17788:2014 (E) Cloud Computing Overview Page 1 of 6 Cloud computing is a paradigm for enabling network access to a scalable and elastic pool of shareable

More information

Cybersecurity Framework: Current Status and Next Steps

Cybersecurity Framework: Current Status and Next Steps Cybersecurity Framework: Current Status and Next Steps Federal Advisory Committee on Insurance November 6, 2014 Adam Sedgewick Senior IT Policy Advisor Adam.Sedgewick@nist.gov National Institute of Standards

More information

WHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT

WHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT WHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT IntelliDyne, LLC MARCH 2012 STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT

More information

The NIST Definition of Cloud Computing

The NIST Definition of Cloud Computing Special Publication 800-145 The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance NIST Special Publication 800-145 The NIST

More information

The Cloud Computing Revolution: Beyond the Hype

The Cloud Computing Revolution: Beyond the Hype The Cloud Computing Revolution: Beyond the Hype KEN ADLER Partner and Chair, Technology and Outsourcing Practice Group Loeb & Loeb LLP Outsourcing in Financial Services Program October 19, 2010 Overview

More information

Perspectives on Cloud Computing and Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory

Perspectives on Cloud Computing and Standards. Peter Mell, Tim Grance NIST, Information Technology Laboratory Perspectives on Cloud Computing and Standards Peter Mell, Tim Grance NIST, Information Technology Laboratory Standardization and Cloud Computing Cloud computing is a convergence of many technologies Some

More information

VMware vcloud Powered Services

VMware vcloud Powered Services SOLUTION OVERVIEW VMware vcloud Powered Services VMware-Compatible Clouds for a Broad Array of Business Needs Caught between shrinking resources and growing business needs, organizations are looking to

More information

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson

More information

The standards landscape in cloud

The standards landscape in cloud The standards landscape in cloud PRESENTATION computing TITLE GOES HERE Vincent Franceschini CTO Distributed Architectures, Hitachi Data System Chairman Emeritus, SNIA Governing Board Member, SNIA Cloud

More information

SECURITY RISK MANAGEMENT

SECURITY RISK MANAGEMENT SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W

More information

Cloud Computing Standards: Overview and first achievements in ITU-T SG13.

Cloud Computing Standards: Overview and first achievements in ITU-T SG13. Cloud Computing Standards: Overview and first achievements in ITU-T SG13. Dr ITU-T, Chairman of Cloud Computing Working Party, SG 13 Future Networks Orange Labs Networks, Cloud & Future Networks Standard

More information

ITU- T Focus Group Cloud Compu2ng

ITU- T Focus Group Cloud Compu2ng ITU- T Focus Group Cloud Compu2ng International Telecommunication Union 1 ITU-T FG Cloud Management & Structure Management team: Chairman: Victor Kutukov (Russia) Vice-Chairman: Jamil Chawki (France Telecom

More information

State of Oregon. State of Oregon 1

State of Oregon. State of Oregon 1 State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity Implementation of Executive Order 13636 8 April 2015 cyberframework@nist.gov Agenda Mission of NIST Cybersecurity at NIST Cybersecurity Framework

More information

NIST Cybersecurity Initiatives. ARC World Industry Forum 2014

NIST Cybersecurity Initiatives. ARC World Industry Forum 2014 NIST Cybersecurity Initiatives Keith Stouffer and Vicky Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL National Institute of Standards and Technology (NIST) NIST s mission

More information

Cloud Security. A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud. Sean Curry Sales Executive, Aquilent

Cloud Security. A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud. Sean Curry Sales Executive, Aquilent Cloud Security A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud Sean Curry Sales Executive, Aquilent The first in a series of audits DoD did not fully execute elements of the July 2012

More information

Federal Cloud Computing Initiative Overview

Federal Cloud Computing Initiative Overview Federal Cloud Computing Initiative Overview Program Status To support the Federal Cloud Computing Direction and Deployment Approach, the ITI Line of Business PMO has been refocused as the Cloud Computing

More information

Service Measurement Index Framework Version 2.1

Service Measurement Index Framework Version 2.1 Service Measurement Index Framework Version 2.1 July 2014 CSMIC Carnegie Mellon University Silicon Valley Moffett Field, CA USA Introducing the Service Measurement Index (SMI) The Service Measurement Index

More information

Seamless adaptive multi- cloud management of service- based applications. European Open Cloud Collaboration Workshop, May 15, 2014, Brussels

Seamless adaptive multi- cloud management of service- based applications. European Open Cloud Collaboration Workshop, May 15, 2014, Brussels Seamless adaptive multi- cloud management of service- based applications European Open Cloud Collaboration Workshop, May 15, 2014, Brussels Interoperability and portability are a few of the main challenges

More information

Re: JEITA s comments on NIST Special Publication 500-293, US Government Cloud Computing. Technology Roadmaps Volume I/II Release 1.

Re: JEITA s comments on NIST Special Publication 500-293, US Government Cloud Computing. Technology Roadmaps Volume I/II Release 1. December 2, 2011 Dr. Robert Bohn National Institute of Standards and Technology, Department of Commerce 100 Bureau Dr., Stop 2000, Gaithersburg, MD 20899-2000 (Via e-mail: ccroadmap.comments@nist.gov.)

More information

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public. Federal CIO Council Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies DRAFT V0.41 Earl Crane, CISSP, CISM

More information

Allison Stanton, Director of E-Discovery U.S. Department of Justice, Civil Division. U.S. Department of Agriculture

Allison Stanton, Director of E-Discovery U.S. Department of Justice, Civil Division. U.S. Department of Agriculture Allison Stanton, Director of E-Discovery U.S. Department of Justice, Civil Division Benjamin Young, Assistant General Counsel U.S. Department of Agriculture 1 Disclaimer The views expressed in this presentation

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT Cybersecurity Framework: Where Do We Go From Here? February 25, 2014 Just over a year ago, President Barack Obama signed an Executive Order (EO) calling for increased cybersecurity

More information

ITIL AS A FRAMEWORK FOR MANAGEMENT OF CLOUD SERVICES

ITIL AS A FRAMEWORK FOR MANAGEMENT OF CLOUD SERVICES ITIL AS A FRAMEWORK FOR MANAGEMENT OF CLOUD SERVICES Soňa Karkošková 1, George Feuerlicht 2 1 Faculty of Information Technology, University of Economics, Prague, W. Churchill Sqr. 4, 130 67 Prague 3, Czech

More information

Working Group on. First Working Group Meeting 29.5.2012

Working Group on. First Working Group Meeting 29.5.2012 Working Group on Cloud Security and Privacy (WGCSP) First Working Group Meeting 29.5.2012 1 Review of fexisting i Standards d and Best Practices on Cloud Security Security Standards and Status List of

More information

Cloud Architecture and Management. M.I. Deen General Manager (Enterprise Solutions) Sri Lanka Telecom

Cloud Architecture and Management. M.I. Deen General Manager (Enterprise Solutions) Sri Lanka Telecom Cloud Architecture and Management M.I. Deen General Manager (Enterprise Solutions) Sri Lanka Telecom Cloud Computing Architecture Reference Architecture, Terminology and Definitions Akaza Cloud Architecture

More information

Cloud Computing Guide & Handbook. SAI USA Madhav Panwar

Cloud Computing Guide & Handbook. SAI USA Madhav Panwar Cloud Computing Guide & Handbook SAI USA Madhav Panwar Background 2010 WGITA approved the cloud computing project with SAI USA as lead and Canada & India as members 2011 A status report was presented and

More information

APPLICATION ANNUAL WORK PLAN (ONE OBJECTIVE PER PAGE)

APPLICATION ANNUAL WORK PLAN (ONE OBJECTIVE PER PAGE) GOVERNANCE Objective 1A Ensure program success through effective governance structures. The successful applicant will be required to work with a representative advisory group developed in consultation

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity 18 November 2015 grance@nist.gov cyberframework@nist.gov National Institute of Standards and Technology About NIST NIST s mission is to develop

More information

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu

Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu Cloud Computing demystified! ISACA-IIA Joint Meeting Dec 9, 2014 By: Juman Doleh-Alomary Office of Internal Audit jdoleh@wayne.edu 2 If cloud computing is so simple, then what s the big deal? What is the

More information

FAA Cloud Computing Strategy

FAA Cloud Computing Strategy FAA Cloud Computing Strategy Final - Version 1.0 May 2012 Federal Aviation Administration 800 Independence Avenue, SW Washington, D.C. 20591 SIGNATURE PAGE Table of Contents 1. Executive Summary... 1 2.

More information

SESSION 605 Thursday, March 26, 2:45 PM - 3:45 PM Track: Metrics and Measurements

SESSION 605 Thursday, March 26, 2:45 PM - 3:45 PM Track: Metrics and Measurements SESSION 605 Thursday, March 26, 2:45 PM - 3:45 PM Track: Metrics and Measurements Managing Cloud Service KPIs Hank Marquis Practice Director, Cloud, Global Knowledge hank.marquis@globalknowledge.com Session

More information

Cloud Computing Standards: Overview and ITU-T positioning

Cloud Computing Standards: Overview and ITU-T positioning ITU Workshop on Cloud Computing (Tunis, Tunisia, 18-19 June 2012) Cloud Computing Standards: Overview and ITU-T positioning Dr France Telecom, Orange Labs Networks & Carriers / R&D Chairman ITU-T Working

More information

White Paper. Cloud Vademecum

White Paper. Cloud Vademecum White Paper Cloud Vademecum Cloud is the new IT paradigm this document offers a collection of thoughts, internal and external discussions and information. The goal is to inspire and stimulate the route

More information