Email this Article Email   

CHIPS Articles: NIST Issues General Access Control Guidance for Cloud Systems

NIST Issues General Access Control Guidance for Cloud Systems
By CHIPS Magazine - April 2, 2020
The National Institute of Standards and Technology provided guidance and an initial step toward understanding security challenges in cloud systems by analyzing the access control (AC) considerations in all three cloud service delivery models—Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).

Draft NIST Special Publication 800-210, General Access Control Guidance for 3 Cloud Systems describes essential characteristics that would affect the Cloud's AC design are also summarized, such as broad network access, resource pooling, rapid elasticity, measured service, and data sharing.

NIST officials wrote various guidance for AC design of IaaS, PaaS, and SaaS are proposed according to their different characteristics. Recommendations for AC design in different cloud systems are also included to facilitate future implementations. Additionally, potential policy rules are summarized for each cloud system.

Comments are due May 15, 2020. Please email comments to: sp800-210-comments@nist.gov

Download Draft NIST Special Publication 800-210
SP 800-210 (Draft) (DOI)
NIST Download

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer