The National Institute of Standards and Technology (NIST) definition of Cloud Computing has gradually become the defacto definition of cloud computing. This blog posting dives a bit deeper into the resources this organization has to offer, current and in the near future.
NIST has been designated by Federal Chief Information Officer Vivek Kundra to accelerate the US federal government’s secure adoption of cloud computing by leading efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector, and other stakeholders. Computer science researchers at NIST are working on two complementary efforts to speed the government’s quick and secure adoption of cloud computing.
The NIST area of focus is technology, and specifically, interoperability, portability and security requirements, standards and guidance. The intent is use the strategy to prioritize NIST tactical projects which support US government agencies in the secure and effective adoption of the cloud computing model to support their missions.The expectation is that the set of priorities (“the Roadmap”) will be useful more broadly by industry, Standards Development Organizations, cloud adopters, and policy makers.
NIST Cloud Computing Collaboration Site
This wiki is an open collaboration site for the Cloud Computing (CC) community to work with NIST in developing this framework. All material placed here is in the public domain (Please see the intellectual property statement at the bottom of this page) so it can be easily be (re)used to map each of the cloud providers initiatives and put them into perspective.
As part of the NIST plan, Working Groups were created as a public/private ownership to define standards. Follow the links below to go directly to the working group pages.
- Reference Architecture and Taxonomy
- Standards Acceleration to Jumpstart the Adoption of Cloud Computing (SAJACC)
- Cloud Security
- Standards Roadmap
- Business Use Cases
Useful Documents for Cloud Adopters
NIST publications, work-in-process, and working group products that may be helpful to US government agencies and others in making decisions regarding the effective and secure implementation of cloud computing.
- The NIST Definition of Cloud Computing NIST Special Publication 800-145
- Recommended Security Controls for Federal Information Systems and Organizations, NIST Special Publication 800-53, rev 3
- Guide to Security for Full Virtualization Technologies, NIST Special Publication 800-125
- NIST Cloud Computing Standards Roadmap NIST Special Publication 500-291
- NIST Cloud Computing Reference Architecture NIST Special Publication 500-292
- DRAFT Guidelines on Security and Privacy Issues in Public Cloud Computing, NIST Special Publication 800-144
- DRAFT NIST Cloud Computing Synopsis and Recommendations, NIST Special Publication 800-146
Demystify Cloud Computing
The latest arrival from NIST aims at providing a clear view of cloud computing, explaining cloud systems in plain language.
The final version of Cloud Computing Synopsis and Recommendations (Special Publication 800-146) is NIST’s general guide to cloud computing. It explains cloud systems in plain language and provides recommendations for information technology decision makers, including chief information officers, information systems developers, system and network administrators, information system security officers and systems owners.
NIST defines cloud computing as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources—for example, networks, servers, storage, applications and services—that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Cloud computing is a rapidly developing area with many strengths and some weaknesses. Each organization has to determine which set of cloud technologies and configurations will meet its requirements. Cloud Computing Synopsis and Recommendations explains how clouds are deployed, what kind of services are available, the economic considerations, the technical characteristics such as performance and reliability, typical terms of service, and security issues. It also offers recommendations on how and when cloud computing is an appropriate tool, and indicates the limits of current knowledge and areas for future research and analysis.