NIST releases cloud computing standards

Wednesday - 2/2/2011, 3:53pm EST

By Jolie Lee
Federal News Radio

The National Institute of Standards and Technology (NIST) issued two draft documents on cloud computing standards open for public comment.

The guidelines follow Federal Chief Information Officer Vivek Kundra's call for faster adoption of cloud computing in the government. Also, the Office of Management and Budget told agencies in December to identify three "must move" technologies that will go to the cloud by March and move one of them by the end of 2011.

According to the NIST website, the first document offers a definition of cloud computing:

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

The document includes a list of cloud characteristics and deployment models.

The second document - Guidelines on Security and Privacy in Public Cloud Computing - lays out the standards for public cloud computing, including:

  • Carefully plan the security and privacy aspects of cloud computing solutions before engaging them.

  • Understand the public cloud computing environment offered by the cloud provider and ensure that a cloud computing solution satisfies organizational security and privacy requirements.

  • Ensure that the client-side computing environment meets organization security and privacy requirements for cloud computing.

  • Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.

The public can comment by email for the definition document or the guidelines document by Feb. 28.

NIST also launched a new website that explains the department's cloud computing program and includes cloud events.