NIST Releases Cloud Computing Security Guidance for Government Agencies

The National Institute of Standards and Technology issued a draft Cloud Computing Security Reference Architecture, Special Publication 500-299, to assist federal government agencies in analyzing risks when using cloud-based applications. NIST has previously issued U.S. Government Cloud Computing Technology Roadmap (SP 500-293), the NIST Cloud Computing Reference Architecture (SP 500-292) and other guidance documents to facilitate the cloud computing by Federal agencies. The draft publication proves a comprehensive security model, including a Risk Management Framework that provides a risk-based approach of establishing responsibilities for implementing security controls throughout the cloud life cycle. The Framework also contains a core set of security components that can be tailored to address specific agency needs. NIST will accept comments to the draft publication through July 12, 2013. 

TIP: While cloud computing offers many benefits, by its nature it presents certain security risks. When considering cloud computing, companies should be aware cloud computing security guidance such as the Federal cloud computing security standards, to mitigate security risks. While created for Federal agencies, the draft can provide helpful guidance for private corporations as well.

This tip has been created for information and planning purposes. It is not intended to be, nor should it be, substituted for legal advice, which turns on specific facts.