NISI
`
`National Institute of
`Standards and Technology
`U.S. Department of Commerce
`
` Special Publication 500-291, Version 2
`Special Publication 500-291, Version 2
`
`
`
`
`
`
`
`
`
`NIST Cloud Computing
`
`NIST Cloud Computing
`Standards Roadmap
`
`Standards Roadmap
`
`
`
`
`
`
`NIST Cloud Computing Standards Roadmap Working Group
`NIST Cloud Computing Standards Roadmap Working Group
`NIST Cloud Computing Program
`NIST Cloud Computing Program
`Information Technology Laboratory
`Information Technology Laboratory
`
`
`
`
`
`
`
`
`
`
`
`
`
`NErNational
`
`Institute of Standards and Technology • U.S. Department of Commerce
`
`
`
`
`
`WIZ, Inc. EXHIBIT - 1021
`WIZ, Inc. v. Orca Security LTD.
`
`WIZ, Inc. EXHIBIT - 1021
`WIZ, Inc. v. Orca Security LTD.
`
`
`
`National Institute of
`Standards and Technology
`U.S. Department of Commerce
`
` Special Publication 500-291, Version 2
`Special Publication 500-291, Version 2
`
`
`
`
`
`
`
`
`
`NIST Cloud Computing
`
`NIST Cloud Computing
`Standards Roadmap
`
`Standards Roadmap
`
`
`
`
`
`
`NIST Cloud Computing Standards Roadmap Working Group
`NIST Cloud Computing Standards Roadmap Working Group
`NIST Cloud Computing Program
`NIST Cloud Computing Program
`Information Technology Laboratory
`Information Technology Laboratory
`
`
`
`
`
`
`
`
`
`
`
`
`
`NErNational
`
`Institute of Standards and Technology • U.S. Department of Commerce
`
`
`
`
`
`WIZ, Inc. EXHIBIT - 1021
`WIZ, Inc. v. Orca Security LTD.
`
`WIZ, Inc. EXHIBIT - 1021
`WIZ, Inc. v. Orca Security LTD.
`
`
`
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`
`
`
`
`
`
`
`This page left intentionally blank
`This page left intentionally blank
`
`
`
`
`
`ii
`
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`
`This page left intentionally blank
`
`1
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`NIST Special Publication 500-291,
`NIST Special Publication 500-291,
`Version 2
`Version 2
`(Supersedes Version 1.0, July 2011)
`(Supersedes Version 1.0, July 2011)
`
`NIST Cloud Computing
`NIST Cloud Computing
`Standards Roadmap
`Standards Roadmap
`
`
`
`NIST Cloud Computing Standards
`NIST Cloud Computing Standards
`
`Roadmap Working Group
`Roadmap Working Group
`
`July 2013
` July 2013
`
`
`
`vc c.)
`
``STATES o* I"
`
`U. S. Department of Commerce
`U. S. Department of Commerce
`Penny Pritzker, Secretary
`Penny Pritzker, Secretary
`
`National Institute of Standards and Technology
`National Institute of Standards and Technology
`Patrick D. Gallagher, Under Secretary of Commerce for Standards and Technology and Director
`Patrick D. Gallagher, Under Secretary of Commerce for Standards and Technology and Director
`
`
`
`
`
`
`
`
`
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`
`
`
`
`
`
`
`
`
`This page left intentionally blank
`This page left intentionally blank
`
`iv
`
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`
`This page left intentionally blank
`
`iv
`
`
`
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`
`
`
`Reports on Computer Systems Technology
`Reports on Computer Systems Technology
`
`The Information Technology Laboratory (ITL) at the National Institute of Standards and
`The Information Technology Laboratory (ITL) at the National Institute of Standards and
`Technology (NIST) promotes the U.S. economy and public welfare by providing technical
`Technology (NIST) promotes the U.S. economy and public welfare by providing technical
`leadership for the nation's measurement and standards infrastructure. ITL develops tests, test
`leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test
`methods, reference data, proof of concept implementations, and technical analysis to advance the
`methods, reference data, proof of concept implementations, and technical analysis to advance the
`development and productive use of information technology. ITL's responsibilities include the
`development and productive use of information technology. ITL’s responsibilities include the
`development of technical, physical, administrative, and management standards and guidelines for
`development of technical, physical, administrative, and management standards and guidelines for
`the cost-effective security and privacy of sensitive unclassified information in federal computer
`the cost-effective security and privacy of sensitive unclassified information in federal computer
`systems. This document reports on ITL's research, guidance, and outreach efforts in Information
`systems. This document reports on ITL’s research, guidance, and outreach efforts in Information
`Technology and its collaborative activities with industry, government, and academic organizations.
`Technology and its collaborative activities with industry, government, and academic organizations.
`
`
`
`
`
`
`
`
`
`
`
`
`
`National Institute of Standards and Technology Special Publication 500-291 V2
`National Institute of Standards and Technology Special Publication 500-291 V2
`
`Natl. Inst. Stand. Technol. Spec. Publ. 500-291, 108 pages (May 24, 2013)
`Natl. Inst. Stand. Technol. Spec. Publ. 500-291, 108 pages (May 24, 2013)
`
`DISCLAIMER
`DISCLAIMER
`
`This document has been prepared by the National Institute of Standards and Technology
`This document has been prepared by the National Institute of Standards and Technology
`(NIST) and describes standards research in support of the NIST Cloud Computing
`(NIST) and describes standards research in support of the NIST Cloud Computing
`Program.
`Program.
`
`Certain commercial entities, equipment, or material may be identified in this document in
`Certain commercial entities, equipment, or material may be identified in this document in
`order to describe a concept adequately. Such identification is not intended to imply
`order to describe a concept adequately. Such identification is not intended to imply
`recommendation or endorsement by the National Institute of Standards and Technology,
`recommendation or endorsement by the National Institute of Standards and Technology,
`nor is it intended to imply that these entities, materials, or equipment are necessarily the
`nor is it intended to imply that these entities, materials, or equipment are necessarily the
`best available for the purpose.
`best available for the purpose.
`
`
`
`
`
`v
`v
`
`
`
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`
`
`
`Acknowledgements
`Acknowledgements
`This document is an update of the first version, which was published in July 2011. It reflects the
`This document is an update of the first version, which was published in July 2011. It reflects the
`contributions and discussions by the membership of the NIST Cloud Computing Standards Roadmap
`contributions and discussions by the membership of the NIST Cloud Computing Standards Roadmap
`Working Group, chaired by Michael Hogan and Annie Sokol of the Information Technology Laboratory,
`Working Group, chaired by Michael Hogan and Annie Sokol of the Information Technology Laboratory,
`National Institute of Standards and Technology, U.S. Department of Commerce.
`National Institute of Standards and Technology, U.S. Department of Commerce.
`
`NIST SP 500-291, Version 2 has been collaboratively authored by the NIST Cloud Computing Standards
`NIST SP 500-291, Version 2 has been collaboratively authored by the NIST Cloud Computing Standards
`Roadmap Working Group. As of the date of this publication, there are over one thousand Working Group
`Roadmap Working Group. As of the date of this publication, there are over one thousand Working Group
`participants from industry, academia, and government. Federal agency participants include NASA and the
`participants from industry, academia, and government. Federal agency participants include NASA and the
`U.S. Departments of Agriculture, Commerce, Defense, Health & Human Services, Homeland Security,
`U.S. Departments of Agriculture, Commerce, Defense, Health & Human Services, Homeland Security,
`Justice, Transportation, Treasury, State, and Veterans Affairs.
`Justice, Transportation, Treasury, State, and Veterans Affairs.
`
`NIST would like to acknowledge the specific contributions from the following Working Group members:
`NIST would like to acknowledge the specific contributions from the following Working Group members:
`
`
`Alan Sill, Open Grid Forum
`Alan Sill, Open Grid Forum
`
`Michaela Iorga, NIST
`Michaela Iorga, NIST
`
`Annie Sokol, NIST
`Annie Sokol, NIST
`
`Nancy Landreville, University of Maryland
`Nancy Landreville, University of Maryland
`
`Craig Lee, Open Grid Forum
`Craig Lee, Open Grid Forum
`
`P W Carey, Compliance Partners, LLC
`P W Carey, Compliance Partners, LLC
`
`David Harper, Johns Hopkins University
`David Harper, Johns Hopkins University
`
`Paul Lipton, CA Technologies
`Paul Lipton, CA Technologies
`
`Eugene Luster, U.S. Department of Defense
`Eugene Luster, U.S. Department of Defense
`
`Richard Brackney, Microsoft
`Richard Brackney, Microsoft
`
`Frederic de Vaulx, NIST
`Frederic de Vaulx, NIST
`
`Robert Bohn, NIST
`Robert Bohn, NIST
`
`Gary Massaferro, AlloyCloud, Inc.
`Gary Massaferro, AlloyCloud, Inc.
`
`Robert Marcus, Cloud Standards Customer Council
`Robert Marcus, Cloud Standards Customer Council
`
`Gilbert Pilz, Oracle Corporation
`Gilbert Pilz, Oracle Corporation
`
`Shin Adachi, NTT Multimedia Communications Labs
`Shin Adachi, NTT Multimedia Communications Labs
`
`Jerry Smith, US Department of Defense
`Jerry Smith, US Department of Defense
`
`Steven McGee, SAW Concepts LLC
`Steven McGee, SAW Concepts LLC
`
`John Calhoon, Microsoft
`John Calhoon, Microsoft
`
`John Messina, NIST
`John Messina, NIST
`
`Michael Hogan, NIST
`Michael Hogan, NIST
`
`Steven Woodward, Woodward Systems
`Steven Woodward, Woodward Systems
`
`Sundararajan Ramanathan, Capgemini US Consulting
`Sundararajan Ramanathan, Capgemini US Consulting
`
`Winston Bumpus, DMTF, VMWare Inc.
`Winston Bumpus, DMTF, VMWare Inc.
`
`Michael Stewart, Space and Naval Warfare
`Michael Stewart, Space and Naval Warfare
`Systems Command
`Systems Command
`
`
`
`
`
`The NIST editors for this document were: Michael Hogan and Annie Sokol.
`The NIST editors for this document were: Michael Hogan and Annie Sokol.
`
`vi
`vi
`
`
`
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`
`
`
`TABLE OF CONTENTS
`
`1
`1
`
`2
`2
`
`3
`3
`
`4
`4
`
`1
`EXECUTIVE SUMMARY
`EXECUTIVE SUMMARY ..................................................................................................................................... 1
`
`5
`INTRODUCTION
`INTRODUCTION ................................................................................................................................................... 5
`
`5
`2.1 BACKGROUND
`2.1 BACKGROUND.................................................................................................................................................. 5
`2.2 NIST CLOUD COMPUTING VISION
`6
`2.2 NIST CLOUD COMPUTING VISION ............................................................................................................... 6
`2.3 NIST CLOUD COMPUTING STANDARDS ROADMAP WORKING GROUP
`7
`2.3 NIST CLOUD COMPUTING STANDARDS ROADMAP WORKING GROUP ............................................. 7
`2.4 HOW THIS REPORT WAS PRODUCED
`7
`2.4 HOW THIS REPORT WAS PRODUCED .......................................................................................................... 7
`
`8
`THE NIST DEFINITION OF CLOUD COMPUTING
`THE NIST DEFINITION OF CLOUD COMPUTING ....................................................................................... 8
`
`11
`CLOUD COMPUTING REFERENCE ARCHITECTURE
`CLOUD COMPUTING REFERENCE ARCHITECTURE...............................................................................11
`
`11
`4.1 OVERVIEW
`4.1 OVERVIEW .......................................................................................................................................................11
`4.2 CLOUD CONSUMER
`14
`4.2 CLOUD CONSUMER ........................................................................................................................................14
`4.3 CLOUD PROVIDER
`16
`4.3 CLOUD PROVIDER ..........................................................................................................................................16
`4.3.1
`SERVICE DEPLOYMENT
`17
`4.3.1
`SERVICE DEPLOYMENT .........................................................................................................................17
`4.3.2
`SERVICEORCHESTRATION
`18
`4.3.2
`SERVICEORCHESTRATION ....................................................................................................................18
`4.3.3 CLOUD SERVICE MANAGEMENT
`19
`4.3.3 CLOUD SERVICE MANAGEMENT .........................................................................................................19
`4.3.4
`SECURITY
`20
`4.3.4
`SECURITY .................................................................................................................................................20
`4.3.5
`PRIVACY
`21
`4.3.5
`PRIVACY ...................................................................................................................................................21
`4.4 CLOUD AUDITOR
`23
`4.4 CLOUD AUDITOR ............................................................................................................................................23
`4.5 CLOUD BROKER
`23
`4.5 CLOUD BROKER ..............................................................................................................................................23
`4.6 CLOUD CARRIER
`24
`4.6 CLOUD CARRIER .............................................................................................................................................24
`
`5
`5
`
`25
`CLOUD COMPUTING USE CASES
`CLOUD COMPUTING USE CASES ...................................................................................................................25
`
`25
`5.1 BUSINESS USE CASES
`5.1 BUSINESS USE CASES ....................................................................................................................................25
`5.2 TECHNICAL USE CASES
`26
`5.2 TECHNICAL USE CASES ................................................................................................................................26
`5.3 DEPLOYMENT SCENARIO PERSPECTIVE
`26
`5.3 DEPLOYMENT SCENARIO PERSPECTIVE ..................................................................................................26
`
`6
`6
`
`32
`CLOUD COMPUTING STANDARDS
`CLOUD COMPUTING STANDARDS ................................................................................................................32
`
`32
`INFORMATION AND COMMUNICATION TECHNOLOGIES (IT) STANDARDS LIFE CYCLE
`6.1
`INFORMATION AND COMMUNICATION TECHNOLOGIES (IT) STANDARDS LIFE CYCLE .............32
`6.1
`6.2 THE ROLE OF CONFORMITY ASSESSMENT TO STANDARDS
`33
`6.2 THE ROLE OF CONFORMITY ASSESSMENT TO STANDARDS ...............................................................33
`6.2.1
`CONFORMITY ASSESSMENT ACTIVITIES
`34
`6.2.1 CONFORMITY ASSESSMENT ACTIVITIES ............................................................................................34
`6.2.2 GOVERNMENT USE OF CONFORMITY ASSESSMENT SYSTEMS
`35
`6.2.2 GOVERNMENT USE OF CONFORMITY ASSESSMENT SYSTEMS .......................................................35
`6.2.3
`VISUALIZATION OF CONFORMITY ASSESSMENT PROCESSES
`36
`6.2.3
`VISUALIZATION OF CONFORMITY ASSESSMENT PROCESSES ........................................................36
`6.2.4 CURRENT STATE OF CONFORMITY ASSESSMENT IN CLOUD COMPUTING
`38
`6.2.4 CURRENT STATE OF CONFORMITY ASSESSMENT IN CLOUD COMPUTING .................................38
`6.3 CATEGORIZING THE STATUS OF STANDARDS
`39
`6.3 CATEGORIZING THE STATUS OF STANDARDS .......................................................................................39
`6.4 CLOUD COMPUTING STANDARDS FOR INTEROPERABILITY AND PORTABILITY
`40
`6.4 CLOUD COMPUTING STANDARDS FOR INTEROPERABILITY AND PORTABILITY .........................40
`6.4.1 CLOUD STANDARDS FOR INTEROPERABILITY
`40
`6.4.1 CLOUD STANDARDS FOR INTEROPERABILITY ..........................................................................40
`6.4.2 CLOUD COMPUTING STANDARDS FOR PORTABILITY
`42
`6.4.2 CLOUD COMPUTING STANDARDS FOR PORTABILITY ...........................................................42
`6.4.3
`SUMMARY ON INTEROPERABILITY AND PORTABILITY
`43
`SUMMARY ON INTEROPERABILITY AND PORTABILITY ..........................................................43
`6.4.3
`6.5 CLOUD COMPUTING STANDARDS FOR SECURITY
`44
`6.5 CLOUD COMPUTING STANDARDS FOR SECURITY ................................................................................44
`6.6 CLOUD COMPUTING STANDARDS FOR PERFORMANCE
`47
`6.6 CLOUD COMPUTING STANDARDS FOR PERFORMANCE ......................................................................47
`6.6.1 CLOUD STANDARDS FOR SERVICE AGREEMENTS
`48
`6.6.1 CLOUD STANDARDS FOR SERVICE AGREEMENTS ...........................................................................48
`6.6.2
`CLOUD STANDARDS FOR MONITORING
`49
`6.6.2 CLOUD STANDARDS FOR MONITORING .............................................................................................49
`6.7 CLOUD COMPUTING STANDARDS FOR ACCESSIBILITY
`49
`6.7 CLOUD COMPUTING STANDARDS FOR ACCESSIBILITY ......................................................................49
`
`7
`7
`
`51
`CLOUD COMPUTING STANDARDS MAPPING
`CLOUD COMPUTING STANDARDS MAPPING ............................................................................................51
`
`52
`7.1 SECURITY STANDARDS MAPPING
`7.1 SECURITY STANDARDS MAPPING .............................................................................................................52
`7.2
`INTEROPERABILITY STANDARDS MAPPING
`58
`7.2
`INTEROPERABILITY STANDARDS MAPPING ...........................................................................................58
`7.3 PORTABILITY STANDARDS MAPPING
`59
`7.3 PORTABILITY STANDARDS MAPPING .......................................................................................................59
`
`vii
`vii
`
`
`
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`
`
`
`60
`7.4 PERFORMANCE STANDARDS MAPPING
`7.4 PERFORMANCE STANDARDS MAPPING....................................................................................................60
`7.5 ACCESSIBILITY STANDARDS MAPPING
`61
`7.5 ACCESSIBILITY STANDARDS MAPPING....................................................................................................61
`
`62
`8 ANALYZING USE CASES TO IDENTIFY STANDARDS GAPS
`8
`ANALYZING USE CASES TO IDENTIFY STANDARDS GAPS ...................................................................62
`
`8.1 USE CASE: CREATING, ACCESSING, UPDATING, DELETING DATA OBJECTS IN CLOUD
`8.1 USE CASE: CREATING, ACCESSING, UPDATING, DELETING DATA OBJECTS IN CLOUD
`62
`SYSTEMS
`SYSTEMS ....................................................................................................................................................................62
`8.2 USE CASE: MOVING VMS, VIRTUAL APPLIANCES, SERVICES, AND APPLIANCES BETWEEN
`8.2 USE CASE: MOVING VMS, VIRTUAL APPLIANCES, SERVICES, AND APPLIANCES BETWEEN
`63
`CLOUDS
`CLOUDS ......................................................................................................................................................................63
`8.3 USE CASE: SELECTING THE BEST IAAS CLOUD VENDOR, PUBLIC OR PRIVATE
`63
`8.3 USE CASE: SELECTING THE BEST IAAS CLOUD VENDOR, PUBLIC OR PRIVATE ............................63
`8.4 USE CASE: PORTABLE TOOLS FOR MONITORING AND MANAGING CLOUD SYSTEMS
`63
`8.4 USE CASE: PORTABLE TOOLS FOR MONITORING AND MANAGING CLOUD SYSTEMS ................63
`8.5 USE CASE: MOVING DATA BETWEEN CLOUD SYSTEMS
`64
`8.5 USE CASE: MOVING DATA BETWEEN CLOUD SYSTEMS ......................................................................64
`8.6 USE CASE: SINGLE SIGN-ON ACCESS TO MULTIPLE CLOUD SYSTEMS
`65
`8.6 USE CASE: SINGLE SIGN-ON ACCESS TO MULTIPLE CLOUD SYSTEMS ............................................65
`8.7 USE CASE: ORCHESTRATED PROCESSES ACROSS CLOUD SYSTEMS AND ENTERPRISE
`8.7 USE CASE: ORCHESTRATED PROCESSES ACROSS CLOUD SYSTEMS AND ENTERPRISE
`65
`SYSTEMS
`SYSTEMS ....................................................................................................................................................................65
`8.8 USE CASE: DISCOVERING CLOUD RESOURCES
`66
`8.8 USE CASE: DISCOVERING CLOUD RESOURCES ......................................................................................66
`8.9 USE CASE: EVALUATING SLAS AND PENALTIES
`67
`8.9 USE CASE: EVALUATING SLAS AND PENALTIES ....................................................................................67
`8.10 USE CASE: AUDITING CLOUD SYSTEMS
`67
`8.10 USE CASE: AUDITING CLOUD SYSTEMS ...................................................................................................67
`8.11 END-TO-END: CLOUD RESOURCE MANAGEMENT USE CASE
`68
`8.11 END-TO-END: CLOUD RESOURCE MANAGEMENT USE CASE..............................................................68
`
`9
`9
`
`69
`USG PRIORITIES TO FILL CLOUD COMPUTING STANDARDS GAPS
`USG PRIORITIES TO FILL CLOUD COMPUTING STANDARDS GAPS ..................................................69
`
`69
`9.1 AREAS OF STANDARDIZATION GAPS
`9.1 AREAS OF STANDARDIZATION GAPS ........................................................................................................69
`9.1.1
`SAASFUNCTIONAL INTERFACES
`70
`9.1.1
`SAAS FUNCTIONAL INTERFACES .........................................................................................................70
`9.1.2
`SAAS SELF-SER VICE MANAGEMENT INTERFACES
`70
`9.1.2
`SAAS SELF-SERVICE MANAGEMENT INTERFACES ............................................................................70
`9.1.3
`PARS FUNCTIONAL INTERFACES
`70
`9.1.3
`PAAS FUNCTIONAL INTERFACES .........................................................................................................70
`9.1.4 BUSINESS SUPPORT, PROVISIONING AND CONFIGURATION
`70
`9.1.4
`BUSINESS SUPPORT, PROVISIONING AND CONFIGURATION .........................................................70
`9.1.5
`SECURITY
`71
`9.1.5
`SECURITY .................................................................................................................................................71
`9.1.6 ACCESSIBILITY
`71
`9.1.6
`ACCESSIBILITY ........................................................................................................................................71
`9.2 STANDARDIZATION PRIORITIES BASED ON USG CLOUD COMPUTING ADOPTION PRIORITIES 72
`9.2 STANDARDIZATION PRIORITIES BASED ON USG CLOUD COMPUTING ADOPTION PRIORITIES 72
`9.2.1
`SECURITY AUDITING AND COMPLIANCE
`72
`9.2.1
`SECURITY AUDITING AND COMPLIANCE ...........................................................................................72
`9.2.2
`IDENTITY AND ACCESS MANAGEMENT
`73
`9.2.2
`IDENTITY AND ACCESS MANAGEMENT ..............................................................................................73
`9.2.3
`SAAS APPLICATION SPECIFIC DATA AND METADATA
`73
`9.2.3
`SAAS APPLICATION SPECIFIC DATA AND METADATA .....................................................................73
`9.2.4 RESOURCE DESCRIPTION AND DISCOVERY
`73
`9.2.4
`RESOURCE DESCRIPTION AND DISCOVERY ......................................................................................73
`9.2.5
`SUMMARY OF STANDARDIZATION GAPS AND STANDARDIZATION PRIORITIES
`74
`9.2.5
`SUMMARY OF STANDARDIZATION GAPS AND STANDARDIZATION PRIORITIES .........................74
`
`76
`10 CONCLUSIONS AND RECOMMENDATIONS
`10 CONCLUSIONS AND RECOMMENDATIONS ................................................................................................76
`
`76
`10.1 CONCLUSIONS
`10.1 CONCLUSIONS .................................................................................................................................................76
`10.2 RECOMMEDATION TO USG AGENCIES TO HELP ACCELERATE THE DEVELOPMENT AND USE
`10.2 RECOMMEDATION TO USG AGENCIES TO HELP ACCELERATE THE DEVELOPMENT AND USE
`OF CLOUD COMPUTING STANDARDS
`76
`OF CLOUD COMPUTING STANDARDS .......................................................................................................76
`
`78
`11 BIBLIOGRAPHY
`11 BIBLIOGRAPHY...................................................................................................................................................78
`
`12 APPENDIX A - NIST FEDERAL INFORMATION PROCESSING STANDARDS AND SPECIAL
`12 APPENDIX A – NIST FEDERAL INFORMATION PROCESSING STANDARDS AND SPECIAL
`80
`PUBLICATIONS RELEVANT TO CLOUD COMPUTING
`PUBLICATIONS RELEVANT TO CLOUD COMPUTING ............................................................................80
`
`81
`13 APPENDIX B - DEFINITIONS
`13 APPENDIX B – DEFINITIONS............................................................................................................................81
`
`86
`14 APPENDIX C - ACRONYMS
`14 APPENDIX C – ACRONYMS ..............................................................................................................................86
`
`89
`15 APPENDIX D - STANDARDS DEVELOPING ORGANIZATIONS
`15 APPENDIX D – STANDARDS DEVELOPING ORGANIZATIONS ..............................................................89
`
`97
`16 APPENDIX E - CONCEPTUAL MODELS AND ARCHITECTURES
`16 APPENDIX E – CONCEPTUAL MODELS AND ARCHITECTURES...........................................................97
`
`98
`17 APPENDIX F - EXAMPLES OF USG CRITERIA FOR SELECTION OF STANDARDS
`17 APPENDIX F – EXAMPLES OF USG CRITERIA FOR SELECTION OF STANDARDS ..........................98
`
`
`
`viii
`viii
`
`
`
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`
`
`
`LIST OF FIGURES
`12
`FIGURE 1 - CLOUD ACTORS
`FIGURE 1 – CLOUD ACTORS ................................................................................................................ 12
`FIGURE 2 - INTERACTIONS BETWEEN THE ACTORS IN CLOUD COMPUTING
`13
`FIGURE 2 – INTERACTIONS BETWEEN THE ACTORS IN CLOUD COMPUTING ......................................... 13
`FIGURE 3 - EXAMPLE OF SERVICES AVAILABLE TO A CLOUD CONSUMER
`15
`FIGURE 3 – EXAMPLE OF SERVICES AVAILABLE TO A CLOUD CONSUMER .......................................... 15
`FIGURE 4 - CLOUD PROVIDER: MAJOR ACTIVITIES
`16
`FIGURE 4 – CLOUD PROVIDER: MAJOR ACTIVITIES ............................................................................. 16
`FIGURE 5 - CLOUD PROVIDER: SERVICE ORCHESTRATION
`18
`FIGURE 5 – CLOUD PROVIDER: SERVICE ORCHESTRATION .................................................................. 18
`FIGURE 6 - CLOUD PROVIDER: CLOUD SERVICE MANAGEMENT
`20
`FIGURE 6 – CLOUD PROVIDER: CLOUD SERVICE MANAGEMENT ......................................................... 20
`FIGURE 7 - HIGH-LEVEL GENERIC SCENARIOS
`27
`FIGURE 7 – HIGH-LEVEL GENERIC SCENARIOS ................................................................................... 27
`FIGURE 8 - IT STANDARDS LIFE CYCLE
`33
`FIGURE 8 – IT STANDARDS LIFE CYCLE .............................................................................................. 33
`FIGURE 9 - CONFORMITY ASSESSMENT INFRASTRUCTURE
`36
`FIGURE 9 – CONFORMITY ASSESSMENT INFRASTRUCTURE ................................................................. 36
`FIGURE 10 - ACCREDITATION PROCESS
`37
`FIGURE 10 – ACCREDITATION PROCESS .............................................................................................. 37
`FIGURE 11 - ASSESSMENT PROCESS
`38
`FIGURE 11 – ASSESSMENT PROCESS .................................................................................................... 38
`FIGURE 12 - THE COMBINED CONCEPTUAL REFERENCE DIAGRAM
`51
`FIGURE 12 – THE COMBINED CONCEPTUAL REFERENCE DIAGRAM .................................................... 51
`FIGURE 13 - DOD DISR STANDARDS SELECTION PROCESS
`102
`FIGURE 13 – DOD DISR STANDARDS SELECTION PROCESS .............................................................. 102
`
`ix
`ix
`
`
`
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`
`
`
`LIST OF TABLES
`14
`TABLE 1 - CLOUD CONSUMER AND CLOUD PROVIDER
`TABLE 1 – CLOUD CONSUMER AND CLOUD PROVIDER ....................................................................... 14
`TABLE 2 - DEPLOYMENT CASES FOR HIGH LEVEL SCENARIOS
`28
`TABLE 2 – DEPLOYMENT CASES FOR HIGH LEVEL SCENARIOS ........................................................... 28
`TABLE 3 - SCENARIOS AND TECHNICAL REQUIREMENTS
`31
`TABLE 3 – SCENARIOS AND TECHNICAL REQUIREMENTS .................................................................... 31
`TABLE 4 - STANDARDS MATURITY MODEL
`39
`TABLE 4 – STANDARDS MATURITY MODEL ........................................................................................ 39
`TABLE 5 - SECURITY STANDARDS: AUTHENTICATION AND AUTHORIZATION
`52
`TABLE 5 – SECURITY STANDARDS: AUTHENTICATION AND AUTHORIZATION ..................................... 52
`TABLE 6 - SECURITY STANDARDS: CONFIDENTIALITY
`53
`TABLE 6 – SECURITY STANDARDS: CONFIDENTIALITY ........................................................................ 53
`TABLE 7 - SECURITY STANDARDS: INTEGRITY
`53
`TABLE 7 – SECURITY STANDARDS: INTEGRITY .................................................................................... 53
`TABLE 8 - SECURITY STANDARDS: IDENTITY MANAGEMENT
`54
`TABLE 8 – SECURITY STANDARDS: IDENTITY MANAGEMENT ............................................................. 54
`TABLE 9 - SECURITY STANDARDS: SECURITY MONITORING & INCIDENT RESPONSE
`55
`TABLE 9 – SECURITY STANDARDS: SECURITY MONITORING & INCIDENT RESPONSE .......................... 55
`TABLE 10 - SECURITY STANDARDS: SECURITY CONTROLS
`56
`TABLE 10 – SECURITY STANDARDS: SECURITY CONTROLS ................................................................. 56
`TABLE 11 - SECURITY STANDARDS: SECURITY POLICY MANAGEMENT
`57
`TABLE 11 – SECURITY STANDARDS: SECURITY POLICY MANAGEMENT .............................................. 57
`TABLE 12 - SECURITY STANDARDS: AVAILABILITY
`57
`TABLE 12 – SECURITY STANDARDS: AVAILABILITY ............................................................................ 57
`TABLE 13 - INTEROPERABILITY STANDARDS
`58
`TABLE 13 – INTEROPERABILITY STANDARDS ...................................................................................... 58
`TABLE 14 - PORTABILITY STANDARDS
`59
`TABLE 14 – PORTABILITY STANDARDS ............................................................................................... 59
`TABLE 15 - PERFORMANCE STANDARDS
`60
`TABLE 15 – PERFORMANCE STANDARDS ............................................................................................. 60
`TABLE 16 - ACCESSIBILITY STANDARDS
`61
`TABLE 16 – ACCESSIBILITY STANDARDS ............................................................................................. 61
`TABLE 17 - AREAS OF STANDARDIZATION GAPS AND STANDARDIZATION PRIORITIES
`75
`TABLE 17 – AREAS OF STANDARDIZATION GAPS AND STANDARDIZATION PRIORITIES ....................... 75
`TABLE 18 - DOD SELECTION CRITERIA AND DESCRIPTION SUMMARY
`100
`TABLE 18 – DOD SELECTION CRITERIA AND DESCRIPTION SUMMARY ............................................. 100
`TABLE 19 - DOD STANDARDS SOURCES PREFERENCES
`101
`TABLE 19 – DOD STANDARDS SOURCES PREFERENCES .................................................................... 101
`
`
`
`
`
`x
`x
`
`
`
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`NIST CLOUD COMPUTING STANDARDS ROADMAP
`
`
`
`Foreword
`Foreword
`
`
`
`This is the second edition of the NIST Cloud Computing Standards Roadmap, which has been
`This is the second edition of the NIST Cloud Computing Standards Roadmap, which has been
`developed by the members of the public NIST Cloud Computing Standards Roadmap Working
`developed by the members of the public NIST Cloud Computing Standards Roadmap Working
`Group. This edition includes updates to the information on portability, interoperability, and security
`Group. This edition includes updates to the information on portability, interoperability, and security
`standards in the first edition and adds new information on accessibility and performance standards.
`standards in the first edition and adds new information on accessibility and performance standards.
`Also new in this edition is information on the role of conformity assessment in support of voluntary
`Also new in this edition is information on the role of conformity assessment in support of voluntary
`consensus standards. Analyzing typical government use cases (see Section 8), U.S. Government
`consensus standards. Analyzing typical government use cases (see Section 8), U.S. Government
`priorities and gaps in cloud computing voluntary consensus standards are identified in this edition
`priorities and gaps in cloud computing voluntary consensus standards are identified in this edition
`and the previous edition. This information is intended for use by federal agencies and other
`and the previous edition. This information is intended for use by federal agencies and other
`stakeholders to help plan their participation in voluntary consensus standards development and
`stakeholders to help plan their participation in voluntary consensus standards development and
`related conformity assessment activities, which can help to accelerate the agencies' secure adoption
`related conformi
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
