NIST Drafts AC Guidance for Cloud Systems

The National Institute of Standards and Technology (NIST) is seeking comments on Draft Special Publication (SP) 800-210 which will help in understanding security challenges in cloud-based systems.

The General Access Control Guidance for Cloud Systems SP will analyze access control (AC) considerations in the three cloud service delivery models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It also summarized characteristics such as broad network access, resource pooling, rapid elasticity, measured service, and data sharing – all of which impact a cloud AC’s design.

“Various guidance for AC design of IaaS, PaaS, and SaaS are proposed according to their different characteristics. Recommendations for AC design in different cloud systems are also included to facilitate future implementations,” a request for comment said. “Additionally, potential policy rules are summarized for each cloud system.”

Comments on the publication are due May 15, 2020.

Jordan Smith
About Jordan Smith
Jordan Smith is a MeriTalk Staff Reporter covering the intersection of government and technology.

Categories

Recent