NIST releases draft trusted cloud geolocation proof of concept


Security challenges involving infrastructure-as-a-service cloud computing technologies and geolocation are being addressed in a draft proof of concept implementation document (.pdf) from the National Institute of Standards and Technology.

Determining the approximate physical location of a cloud computing server is known as geolocation, "but traditional geolocation methods are not secured and they are enforced through management and operational controls that cannot be automated and scaled, and therefore traditional geolocation methods cannot be trusted to meet cloud security needs," NIST says.

The proof of concept is an attempt to improve cloud security and accelerate cloud adoption via an automated hardware root of trust method to oversee geolocation restrictions for cloud servers.

NIST drafted the document as part of its statutory responsibilities for developing information security standards and guidelines under the Federal Information Security Management Act. The public comment period on the draft ends Jan. 31.

For more:
- download NIST Interagency Report 7904 (.pdf)

Related Articles:
NIST: No uniform approach to identity management
NIST issues IT supply chain risk management guide
NIST calls for explicit cybersecurity risk methodologies