NIST Cloud Computing Security Reference Architecture provides a security overlay to the NIST Cloud Computing Reference Architecture published in 2011
The National Institute of Standards and Technology (NIST) has published a draft document on security for cloud computing as used in the federal government. The public comment period runs through July 12, 2013.
The 2011 NIST Cloud Computing Reference Architecture provided a template and vocabulary for federal cloud adopters to follow for a consistent implementation of cloud-based applications across the government.
This new addition, the NIST Cloud Computing Security Reference Architecture, contributes a comprehensive security model that supplements the NIST Cloud Computing Reference Architecture.
Using this model and an associated set of security components derived from the capabilities identified by the Cloud Security Alliance in its Trusted Cloud Initiative Reference Architecture, the NIST Cloud Computing Security Reference Architecture introduces a cloud-adapted Risk Management Framework for applications and/or services migrated to the cloud.
The NIST Cloud Computing Security Reference Architecture provides a case study that walks readers through steps an agency follows using the cloud-adapted Risk Management Framework while deploying a typical application to the cloud—migrating existing email, calendar and document-sharing systems as a unified, cloud-based messaging system.
Deadline for comments is July 12, 2013. Please use the template for comments and mail to Michaela Iorga at Michaela.firstname.lastname@example.org with the subject line "Comments SP 500-299."