Agencies seeking to move services to the cloud retain responsibility for ensuring the security of those services, the National Institute of Standards and Technology says in a draft special publication that proposes a security reference architecture for cloud computing. NIST's intent is to ultimately map the components to specific controls in SP 800-53, said Michaela Iorga, NIST senior security technical lead for cloud computing.
Language in President Obama's February cybersecurity executive order calling for federal agencies with regulatory power over the security of critical infrastructure to review a preliminary version of the framework and to make a determination on whether "current cybersecurity regulatory requirements are sufficient given current and projected risks" calls for a process of harmonization rather than emergence of a new regulatory model, said a National Institute of Standards and Technology official.
In the next 3 to 5 years a tremendous amount of focus will go toward developing interoperability standards for cloud computing, which will encourage broader adoption of cloud computing, said John Messina, a National Institute of Standards and Technology computer scientist and co-chair of the cloud computing reference architecture working group.
"There is a need, in terms of clarity, of what the broker's role is," said Ouyachi, while speaking at the Federal Cloud Computing Summit in Washington, D.C. A FedRAMP program for cloud brokers would be "an interesting concept," he added. Certifying brokers through a FedRAMP process could ensure transparency into the broker's relationships and also clarify roles and responsibilities, said Ouyachi.
The General Services Administration is analyzing how the National Institute of Standards and Technology's recently released Special Publication 800-53 revision 4 will impact FedRAMP.
The risk of fires spreading across what's known as the wildland-urban interface is growing each year in the United States, says a new federal report summarizing a 2012 2 day workshop examining needed areas of further research.
Six deliverables were unveiled across government May 23--20 percent of all the goals laid out in the plan. Five of the announcements were directly related to mobile adoption, use and services in the federal government, while one advances open data efforts around APIs and data.gov.
"We do this in our personal lives all the time," said Ron Ross, a fellow and senior computer scientist at NIST. "I have stuff in a safe deposit box. I can't fit everything at home in that safe deposit box, but I go through and take my very critical stuff" out of the house, whose locked doors won't stop all intrusions.
CAMBRIDGE, Md.--The National Strategy for Trusted Identities in Cyberspace will succeed where other federal attempts at offering the public a common online identity have not, said Jeremy Grant, senior executive advisor for identity management at the National Institute of Standards and Technology. Grant spoke May 21 during a panel session during the annual ACT-IAC Management of Change conference.
An analysis of comments received so far by the National Institute of Standards and Technology to the cybersecurity framework called for by President Obama's February cybersecurity executive order shows respondents so far show risk management approaches to be a matter of nearly universal concern.