NIST Cloud Computing Program




Transcription:

NIST Program

USG Roadmap
Top 10 high priority requirements to accelerate USG adoption of the model

NIST Mission: To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life

Robert Rathe

CASC, February 29, 2012
Robert Bohn, Program Manager

Unchanged: NIST Program Goal

Accelerate the federal government's adoption of cloud computing*

- Build a USG Roadmap which focuses on the highest priority USG cloud computing security, interoperability and portability requirements
- Lead efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector, and other stakeholders

* REF http://www.cio.gov/documents/federal---strategy.pdf

REVISITING NIST CLOUD COMPUTING PROGRAM (PHASE 1)
INITIATIVE TO BUILD A USG CLOUD COMPUTING TECHNOLOGY ROADMAP

STRATEGIC

NIST CC Definition

May 2010, Workshop I
- Outreach & Fact finding with USG, Industry, SDOs
- Evaluate past models & lessons learned
- Define fresh approach to support secure & effective USG cloud computing adoption, prioritize interoperability, portability, & security requirements, collaborate, more quickly respond to operational needs

Tactical efforts

Nov 2010, Workshop II
- Launch CC Strategic Program
- Initiate Stakeholder Meetings
- Collaboratively define working group scope & resources
- Refine Plan

March 2011, Workshop III
- Execute CC Strategic program
- Continue Stakeholder meetings
- Integrate results into tactical priorities

How to build a USG Roadmap
1. Define Target USG Use Cases
2. Define Neutral Reference Architecture & Taxonomy
3. Generate Roadmap: Translate Requirements & Identify Gaps

Oct 2011, Workshop IV
- Complete 1st draft USG Roadmap Interagency Report
- Assess Results & Replan

Volume I - Highlights

USG Roadmap requirements* - high priorities to further USG Adoption

Top 10 High Priority USG Requirements to accelerate secure & effective cloud adoption (interoperability, portability, security)

Requirement 1: International voluntary consensus based interoperability, portability and security standards
Requirement 2: Solutions for high priority Security Requirements
Requirement 3: Technical specifications to enable development of consistent, high quality Service Level Agreements
Requirement 4: Clearly and consistently categorized cloud services
Requirement 5: Frameworks to support seamless implementation of federated community cloud environments
Requirement 6: Technical security solutions which are decoupled from organizational policy decisions
Requirement 7: Defined unique government regulatory requirements, technology gaps, and solutions
Requirement 8: Collaborative parallel strategic future cloud development initiatives
Requirement 9: Defined and implemented reliability design goals
Requirement 10: Defined and implemented cloud service metrics

And... There are practical reasons why the requirements that are needed for USG agencies to securely & effectively deploy the model are also needed by the broad cloud computing stakeholder community

*relationship to interoperability, portability, and security guidance, standards, & technology highlighted in roadmap

Volume II - Highlights
Useful Information for Adopters

Summary of the work completed November 2010 through September 2011 in projects & working groups
Analysis supports high priority requirements introduced in Volume I
References to detailed publications & external work

- NIST Reference Architecture (& Taxonomy) SP 500-292 Sept 2011
- Summary of USG target business use case templates & initial set
- SAJACC technical use case summary
- Standards Roadmap SP 500-291 July 2011 standards & gap analysis
- High Priority Security Requirements - challenges, requirements overview, risk mitigation measures
- Other related work - Reliability Research in -based Complex Systems Koala SLA taxonomy,

[Figure: reference architecture diagram. Labels: Consumer; Auditor (Security Audit, Privacy Impact Audit, Performance Audit); Provider; Service Layer (IaaS, SaaS, PaaS); Resource Abstraction and Control Layer; Physical Resource Layer (Hardware, Facility); Service Management (Business Support, Provisioning/Configuration, Portability/Interoperability); Security; Privacy; Broker (Service Intermediation, Service Aggregation, Service Arbitrage); Carrier]

[Figure: use case and specification validation diagram. Labels: Use Cases (Case 1, Case 2); Specifications (Spec 1, Spec 2, Spec n); Validation Exercises (Test 1, Test 2, Test n); Community Outreach; NIST Standards Portal; Validated Specifications; Existing Standards; Working Groups; Reference Implementations; Standards Development Organizations]

We have practical opportunities to leverage our efforts: one is identifying complementary efforts the NIST Roadmap refers to as Priority Action Plans

Strategic Program (continue phase 1 activities and )

How to build a USG Roadmap
1. Define Target USG Business Use Cases
2. REFINE & APPLY Neutral CC Reference Architecture & Taxonomy
3. UPDATE Roadmap: Translate Requirements & Identify Gaps

[Diagram labels: priorities; risks; obstacles; Vendors map services]

NIST Tactical Program

USG Roadmap... leverage Priority Action Plans (PAPs) selected for self-tasking by Stakeholder Community

Assess & Track: USG CC High Priority Requirements met by Priority Action Plans (self-tasked by NIST and other CC stakeholders)

Rqmt 1: International consensus interoperability, security, portability standards
Rqmt 2: Solutions for High Priority Security requirements
Rqmt 3: Technical Specifications to enable high quality SLAs
...
Rqmt 10: Defined and Implemented cloud service metrics

Integrate results into tactical priorities
Measure Results

USG Roadmap requirements - high priorities to further USG Adoption

Requirement 1: International voluntary consensus based interoperability, portability and security standards (interoperability, portability, and security standards)
Requirement 2: Solutions for high priority Security Requirements (security technology)
Requirement 3: Technical specifications to enable development of consistent, high quality Service Level Agreements (interoperability, portability, and security standards and guidance)
Requirement 4: Clearly and consistently categorized cloud services (interoperability and portability guidance and technology)
Requirement 5: Frameworks to support seamless implementation of federated community cloud environments (interoperability and portability guidance and technology)
Requirement 6: Technical security solutions which are de-coupled from organizational policy decisions (security guidance, standards and technology)
Requirement 7: Defined unique government regulatory requirements, technology gaps, and solutions (interoperability, portability and security technology)
Requirement 8: Collaborative parallel strategic future cloud development initiatives (interoperability, portability, and security technology)
Requirement 9: Defined and implemented reliability design goals (interoperability, portability, and security technology)
Requirement 10: Defined and implemented cloud service metrics (interoperability and portability standards)

Recommended Priority Action Plans are tactical as well as strategic

Examples of Priority Action Plans & interim solutions to apply while cloud solutions are maturing

- Encourage standards & compensate with Service Level Agreements to require demonstration of data/system portability between providers
- Request that cloud service vendors map their offerings to a common reference (i.e. NIST Reference Architecture) so that it is easier to compare services
- Define unique USG/mission/sector/business Requirements (e.g. 508 compliance, e-discovery, record retention)

NIST COMPUTING PROGRAM TIMELINE (PHASE 2)

STRATEGIC

Analyze Phase 1 working group & project results
Complete 1st draft for public comment
USG Roadmap Version 1 SP 500-293

Nov 2011, Workshop IV
- Re-Assess Progress & Phase 2 Plan

March 2012, Workshop V
- Initiate Program Phase II
- Integrate & track USG Roadmap Priority Action Plans (PAPs) with external stakeholders
- Integrate results into tactical priorities
- Measure Results

Nov 2012, Workshop VI
- USG Roadmap Version 2

Tactical efforts

Public & Federal Standards & working groups
Standards liaison, SAJACC, FedRamp & other technical advisory, Guidance, Koala

NIST Special Pubs
Guidelines on Security and Privacy ... 800-144
Definition of ... 800-145
CC Synopsis & Recommendations ... 800-146
CC Standards Roadmap ... 500-291
CC Reference Architecture ... 500-292
USG CC Roadmap Draft ... 500-293

Planned NIST Special Pubs
Challenging Security Requirements for US Government CC Adoption
Revised USG CC Roadmap ... 500-293
1. Vol I High-priority requirements to Further USG Agency CC Adoption
2. Vol II Useful Information for Adopters
3. Draft Vol. III Technical Considerations for USG CC Deployment Decisions

NIST invites you to collaborate with us on!

US Federal references: www.cio.gov
Public NIST cloud web site: http://www.nist.gov/itl/cloud/

United States Department of Commerce
National Institute of Standards and Information Laboratory
100 Bureau Drive Stop 2000
Gaithersburg, MD 20899-2000
Tel: (301) 975-4090, cloudcomputing@nist.gov