The attached DRAFT document (provided here for HISTORICAL purposes) has been superseded by the following publication:

Publication Number: Special Publication 800-146
Title: Cloud Computing Synopsis and Recommendations
Publication Date: 05/29/2012
Final Publication: http://csrc.nist.gov/publications/nistpubs/800-146/sp800-146.pdf
Related Information on CSRC: http://csrc.nist.gov/publications/PubsSPs.html#800-146

Information on other NIST Computer Security Division publications and programs can be found at: http://csrc.nist.gov/


  • The following information was posted with the attached DRAFT document:

    NIST Computer Security Division 800-146, Cloud Computing Synopsis and Recommendations May 29, 2012

The final version of NIST Special Publication 800-146, Cloud Computing Synopsis and Recommendations, is NIST's general guide to cloud computing. It explains cloud systems in plain language and provides recommendations for information technology decision makers ranging from chief information officers, information systems developers, system and network administrators, information system security officers and system owners. This document presents information on how clouds are deployed, what kinds of services are available, economic considerations, technical characteristics such as performance and reliability, typical terms of service, and security issues. It also offers recommendations on how and when cloud computing is an appropriate tool, and surveys open issues for cloud computing.

  • Special Publication 800-146

    DRAFT Cloud Computing Synopsis and Recommendations

    Recommendations of the National Institute of Standards and Technology

    Lee Badger, Tim Grance, Robert Patt-Corner, Jeff Voas

  • NIST Special Publication 800-146: DRAFT Cloud Computing Synopsis and Recommendations

    Recommendations of the National Institute of Standards and Technology

    Lee Badger, Tim Grance, Robert Patt-Corner, Jeff Voas

    COMPUTER SECURITY

    Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930

    May 2011

    U.S. Department of Commerce

    Gary Locke, Secretary

    National Institute of Standards and Technology

    Patrick D. Gallagher, Director

  • DRAFT CLOUD COMPUTING SYNOPSIS AND RECOMMENDATIONS

    Reports on Computer Systems Technology

    The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof-of-concept implementations, and technical analysis to advance the development and productive use of information technology. ITL's responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL's research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations.

    National Institute of Standards and Technology Special Publication 800-146 Natl. Inst. Stand. Technol. Spec. Publ. 800-146, 84 pages (May 2011)

    Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately.

    Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

    ii

  • Acknowledgments

    The authors, Lee Badger of the National Institute of Standards and Technology (NIST), Tim Grance of the National Institute of Standards and Technology (NIST), Robert Patt-Corner of Global Tech, Inc., and Jeff Voas of the National Institute of Standards and Technology (NIST), wish to thank their colleagues who reviewed drafts of this document and contributed to its technical content. The authors gratefully acknowledge and appreciate the contributions from individuals and organizations whose comments improved the overall quality of this publication.

    Trademark Information

    All names are trademarks or registered trademarks of their respective owners.

    iii

  • Table of Contents

    Executive Summary .......... 1
    1. Introduction .......... 1-1
      1.1 Authority .......... 1-1
      1.2 Purpose and Scope .......... 1-1
      1.3 Audience .......... 1-1
      1.4 Document Structure .......... 1-1
    2. Cloud Computing Definition .......... 2-1
    3. Typical Commercial Terms of Service .......... 3-1
      3.1 Promises .......... 3-1
      3.2 Limitations .......... 3-2
      3.3 Obligations .......... 3-2
      3.4 Recommendations .......... 3-3
    4. General Cloud Environments .......... 4-1
      4.1 Understanding Who Controls Resources in a Cloud .......... 4-3
      4.2 The On-site Private Cloud Scenario .......... 4-4
      4.3 The Outsourced Private Cloud Scenario .......... 4-7
      4.4 The On-site Community Cloud Scenario .......... 4-9
      4.5 The Outsourced Community Cloud Scenario .......... 4-12
      4.6 The Public Cloud Scenario .......... 4-13
      4.7 The Hybrid Cloud Scenario .......... 4-15
    5. Software-as-a-Service Environments .......... 5-1
      5.1 Abstract Interaction Dynamics .......... 5-2
      5.2 Software Stack and Provider/Subscriber Scopes of Control .......... 5-3
      5.3 Benefits .......... 5-4
        5.3.1 Very Modest Software Tool Footprint .......... 5-4
        5.3.2 Efficient Use of Software Licenses .......... 5-4
        5.3.3 Centralized Management and Data .......... 5-4
        5.3.4 Platform Responsibilities Managed by Providers .......... 5-5
        5.3.5 Savings in Up-front Costs .......... 5-5
      5.4 Issues and Concerns .......... 5-5
        5.4.1 Browser-based Risks and Risk Remediation .......... 5-5
        5.4.2 Network Dependence .......... 5-6
        5.4.3 Isolation vs. Efficiency (Security vs. Cost Tradeoffs) .......... 5-6
      5.5 Candidate Application Classes .......... 5-7
      5.6 Recommendations for Software as a Service .......... 5-8
    6. Platform-as-a-Service Cloud Environments .......... 6-1
      6.1 Abstract Interaction Dynamics .......... 6-1
      6.2 Software Stack and Provider/Subscriber Scopes of Control .......... 6-3
      6.3 Benefits .......... 6-3
        6.3.1 Facilitated Scalable Application Development and Deployment .......... 6-4
      6.4 Issues and Concerns .......... 6-4
        6.4.1 Lack of Portability between PaaS Clouds ..........