DRAFT Security Requirements for Cryptographic Modules (Revised Draft)
Cloud Security
The formation of the NIST Cloud Computing Security Working Group (NCC-SWG) is an integral part of the overall NIST effort to facilitate secure adoption of cloud services for the United States Government (USG).
Cloud computing has the potential to offer good cost savings both in terms of capital expenses (CAPEX) and operational expenses (OPEX) as well as leverage leading-edge technologies to meet the information processing needs of USG. However, the change in control dynamics (both in terms of ownership and management) with respect to IT resources poses security challenges. The objectives of NCC-SWG are:
1. Gather input from all stakeholders (both within USG and Industry) regarding security concerns in Cloud Computing services.
2. Analyze/prioritize a list of challenging security requirements that may delay or prevent adoption of Cloud Computing services by federal agencies.
3. Provide, when available, a description of practical approaches for mitigation and/or pointers to existing works that can lead to mitigation for each challenging security requirement.
4. Define a Cloud Computing Security Reference Architecture that supplements the NIST Reference Architecture and Taxonomy described in the NIST SP 500-293.
5. Cloud Computing Key Management research.
CHAIRs:
Dr. Michaela Iorga, Senior Security Technical Lead for Cloud Computing, NIST (michaela.iorga at nist dot gov)
Mr. Anil Karmel, Founder and CEO, C2 Labs, Inc. (akarmel at c2labs dot com)
1.
2.
3. Cloud-adapted Risk Management Framework: Guide for Applying the Risk Management Framework to Cloud-based Federal Information Systems (SP 800-173) - work in progress
4. Security and Privacy Controls for Cloud-based Information Federal Systems (SP 800-174) - work in progress
Many thanks to all reviewers of the NIST SP 500-299 draft document who provided valuable comments.
UPDATE 5/16/2013: The SRA document has been uploaded in PDF format (not zipped).
Membership
Participation in this Working Group is open to all interested parties, both nationally and internationally. There are no membership fees.
All information exchanged within the WG will be non-proprietary. WG members should assume that all materials exchanged will be made public.
To subscribe to the WG's mailing list, please send an email to CC_SECURITY at nist.gov with the subject line: "CC_SECURITY Subscribe", and with your full name and email address in the body of the message.
To unsubscribe, please send an email to the chair from your registered email address, with the subject line: "CC_SECURITY Unsubscribe" and your name in the body of the message.
· Include a signature tag on all messages. Include your name, affiliation, location, and e-mail address.
· State concisely and clearly the specific topic of the comments in the subject line. This allows members to respond more appropriately to your posting and makes it easier for members to search the archives by subject.
· Only send a message to the entire list when it contains information that everyone can benefit from.
· Send messages such as “thanks for the information” or “me, too” to individuals—not to the entire list. Do this by using your e-mail application's forwarding option and typing in or cutting and pasting in the e-mail address of the individual to whom you want to respond.
· Do not send administrative messages, such as remove me from the list, through the list server. Instead, use the web interface to change your settings or to remove yourself from a list. If you are changing e-mail addresses, you do not need to remove yourself from the list and rejoin under your new e-mail address. Simply change your settings.
· Additionally
o The listserv is principally for technical discussion related to Cloud Computing Security Working Group's activities.
o Files should NOT be distributed on the listserv list; rather, they should be attached to the relevant TWiki topic page and a link shared via the listserv list.
o Issues with the listserv operation should be sent to the chair of the Cloud Computing Security Working Group.
The NIST Cloud Computing Public Security Working Group holds weekly one-hour meetings by teleconference.
Date and time: Wednesday, 14:00 to 15:00 (2-3 PM) EDT.
The dial-in information for the weekly meeting is as follows:
· Phone: 866-819-5964
· Passcode: 157533200754
The URL for the web conference tool for the meeting is: http://webconf.soaphub.org/conf/room/cc_security
Formal Model:
· Introduction to the "NIST Cloud Computing Security Reference Architecture" (
(past working document)
| 1 | Feb 9, 2011 |
| 2 | Feb 16, 2011 |
| 3 | Feb 23, 2011 |
| 4 | March 2, 2011 |
| 5 | March 9, 2011 |
| 6 | March 16, 2011 |
| 7 | March 23, 2011 |
| 8 | March 30, 2011 |
| 9 | April 20, 2011 |
| 10 | May 4, 2011 |
| 11 | May 18, 2011 |
| 12 | June 1, 2011 |
| 13 | June 15, 2011 |
| 14 | June 29, 2011 |
| 15 | July 13, 2011 |
| 16 | July 27, 2011 |
| 17 | August 10, 2011 |
| 18 | Dec. 14, 2011 |
| 19 | Dec. 21, 2011 |
(past working documents)
|  | Cloud Security Working Group Draft Charter | Draft | 01/31/2011 |
|  | Top 10 Cloud Security Concerns | Working List | 02/16/2011 |
|  | Deliverables Approach | Draft | 02/23/2011 |
|  | Cloud Security Services Architecture | Draft | 03/02/2011 |
|  | Incident Response by Kathleen Moriarty |  | 03/02/2011 |
|  | Strategy for identifying Threats |  | 03/02/2011 |
|  | Threat Analysis of Cloud Services |  | 03/09/2011 |
|  | Basic Security Functional Areas |  | 03/16/2011 |
|  | Cloud Threats by Sources |  | 03/16/2011 |
|  | PCI Compliance with Virtualization |  | 03/16/2011 |
|  | Threat Taxonomy Development - Two Alternatives |  | 03/23/2011 |
|  | Strawman Model v2.2 |  | 03/23/2011 |
|  | General Cloud Environments - excerpt from draft NIST SP 800-146, in preparation |  | 03/30/2011 |
| 2011-03-30_Cloud_Service_Providers___Operational_SupportSWG.pdf | Cloud Service Providers – Operational Support |  | 03/30/2011 |
|  | Combined Conceptual Reference Diagram |  | 03/30/2011 |
|  | Cloud Computing Forum & Workshop III Agenda | Draft | 03/30/2011 |
|  | Title and Scope of NIST Security Working Group Deliverable |  | 03/30/2011 |
|  | Summary of Feedback regarding the Idea to Reboot Security Working Group |  | 04/20/2011 |
|  | Impact analysis of full virtualization on SP 800-53 rev3 | Working version | 04/29/2011 |
|  | DHS Top 20 Security Controls | Working List | 04/29/2011 |
| Cloud_Computing_Security_Impediments_and_Mitigations_List-v04.pdf | Cloud Computing Security Impediments and Mitigations List | Version 4 | 06/15/2011 |
| Cloud_Computing_Security_Impediments_and_Mitigations_List-v05.pdf | Cloud Computing Security Impediments and Mitigations List | Version 5 | 06/29/2011 |
| Cloud_Computing_Security_Impediments_and_Mitigations_List-v06.pdf | Cloud Computing Security Impediments and Mitigations List | Version 6 | 07/13/2011 |
| Cloud_Computing_Security_Impediments_and_Mitigations_List-v07.pdf | Cloud Computing Security Impediments and Mitigations List | Version 7 | 07/27/2011 |
| Cloud_Computing_Security_Impediments_and_Mitigations_List-v08.pdf | Cloud Computing Security Impediments and Mitigations List | Version 8 | 08/10/2011 |
| Cloud_Computing_Security_Impediments_and_Mitigations_List-v09.pdf | Cloud Computing Security Impediments and Mitigations List | Version 9 | 08/17/2011 |
|  | NIST Cloud Computing Challenging Security Requirements for USG Adoption of Cloud Computing | Draft | 11/02/2011 |
|  | NIST Cloud Computing Security Working Group SR Schedule |  | 12/07/2011 |
Topic attachments
|  | r1 | 20.8 K | 2011-03-30 - 17:12 |  |
| 2011-03-30_Cloud_Service_Providers___Operational_SupportSWG.pdf | r1 | 97.4 K | 2011-03-30 - 16:01 |  |
|  | r1 | 619.4 K | 2011-03-30 - 16:01 |  |
|  | r1 | 65.2 K | 2011-03-30 - 16:02 |  |
|  | r1 | 47.5 K | 2011-04-20 - 18:10 | Summary of Feedback regarding the Idea to Reboot Security Working Group |
|  | r1 | 201.9 K | 2011-12-22 - 14:17 | Dec. 21 meeting note |
|  | r1 | 52.6 K | 2011-02-23 - 01:05 |  |
|  | r1 | 5.7 K | 2011-02-23 - 01:05 |  |
|  | r1 | 53.0 K | 2011-02-16 - 16:00 |  |
|  | r1 | 19.9 K | 2011-08-05 - 18:00 |  |
|  | r1 | 53.4 K | 2011-03-02 - 18:00 | Cloud Services Security Architecture |
|  | r1 | 7.3 K | 2011-03-02 - 17:59 |  |
|  | r1 | 255.5 K | 2011-03-02 - 17:57 |  |
|  | r1 | 306.0 K | 2011-05-18 - 17:31 | 2011-May-4 Meeting Minutes |
|  | r1 | 466.0 K | 2011-03-30 - 16:02 |  |
| Assumptions_and_Clarifications_of_NIST_CC_RA_Actors_v1_5.docx | r1 | 137.4 K | 2012-03-26 - 17:15 | (v1.5) - Assumptions and Clarifications Regarding the Definitions of the NIST CC RA Actors |
|  | r1 | 53.8 K | 2011-03-16 - 18:02 | Basic Security Functions |
|  | r1 | 91.2 K | 2011-12-07 - 20:40 | SR schedule |
|  | r1 | 88.8 K | 2011-12-12 - 14:59 | updated version |
|  | r1 | 63.6 K | 2012-01-25 - 19:55 | Cloud Security Alliance's Cloud Controls Matrix v1.2 (Mapping of 800-53 and FedRAMP controls) |
|  | r2 r1 | 1019.2 K | 2012-11-21 - 04:36 |  |
| Cloud_Computing_Security_Impediments_and_Mitigations_List-v05.pdf | r2 r1 | 480.8 K | 2011-06-29 - 15:11 |  |
| Cloud_Computing_Security_Impediments_and_Mitigations_List-v06.pdf | r1 | 869.8 K | 2011-07-13 - 16:05 |  |
| Cloud_Computing_Security_Impediments_and_Mitigations_List-v07.pdf | r1 | 452.7 K | 2011-07-26 - 20:08 | Impediment List document v07 |
| Cloud_Computing_Security_Impediments_and_Mitigations_List-v08.pdf | r1 | 464.5 K | 2011-08-10 - 15:07 | impediments list doc v08 |
| Cloud_Computing_Security_Impediments_and_Mitigations_List-v09.pdf | r1 | 499.8 K | 2011-08-18 - 17:22 | The Impediments and Mitigations List |
|  | r1 | 119.2 K | 2012-04-16 - 18:40 | An overview of cloud forensics and its challenges and opportunities (published in Advances in Digital Forensics vol 7 by Springer) |
|  | r1 | 10.1 K | 2011-03-16 - 18:03 | Cloud Threats by Sources |
|  | r1 | 14.8 K | 2013-01-17 - 06:09 |  |
|  | r1 | 95.8 K | 2011-03-01 - 21:30 | Incident Response by Kathleen Moriarty |
|  | r1 | 11.7 K | 2011-03-11 - 13:03 | March 9, 2011 Agenda |
|  | r1 | 255.5 K | 2011-02-23 - 00:50 | Meeting Agenda Feb 23, 2011 |
|  | r2 r1 | 18145.7 K | 2013-04-23 - 18:53 |  |
|  | r1 | 15549.3 K | 2012-11-21 - 05:20 |  |
|  | r1 | 16172.0 K | 2012-11-21 - 04:17 |  |
|  | r1 | 15531.5 K | 2013-01-07 - 21:07 |  |
|  | r1 | 19296.9 K | 2013-01-17 - 06:11 |  |
|  | r1 | 13254.9 K | 2012-11-20 - 02:43 |  |
|  | r1 | 411.0 K | 2011-02-23 - 00:42 | NIST CC SWG meeting minutes Feb 16, 2011 |
|  | r1 | 18.9 K | 2011-03-11 - 13:00 | Meeting Minutes for March 2, 2011 |
|  | r1 | 18.9 K | 2011-03-24 - 12:46 |  |
|  | r1 | 18.8 K | 2011-03-29 - 12:48 |  |
|  | r1 | 18.4 K | 2011-03-29 - 12:48 |  |
|  | r1 | 18.8 K | 2011-05-03 - 16:06 |  |
|  | r1 | 19.4 K | 2011-05-03 - 16:06 |  |
|  | r1 | 23.0 K | 2011-05-25 - 16:42 |  |
|  | r1 | 37.1 K | 2011-06-09 - 17:00 |  |
|  | r1 | 136.9 K | 2011-06-20 - 18:39 | one more time |
|  | r1 | 327.7 K | 2011-07-13 - 16:18 |  |
|  | r1 | 20.2 K | 2011-07-20 - 18:09 |  |
|  | r1 | 19.9 K | 2011-08-05 - 18:02 |  |
|  | r1 | 60.5 K | 2011-02-14 - 18:12 | Meeting Minutes for Feb 9, 2011 |
|  | r1 | 365.8 K | 2011-02-15 - 15:07 |  |
|  | r1 | 9322.1 K | 2013-01-17 - 06:09 |  |
|  | r1 | 8546.9 K | 2013-05-16 - 17:01 |  |
| NIST_Security_Reference_Architecture_2013.05.15_v1.0.pdf.zip | r1 | 17988.9 K | 2013-05-16 - 01:53 |  |
|  | r1 | 794.8 K | 2011-11-02 - 15:02 | A working version before CC workshop |
| NIST_Security_Requirements_for_US_Government_Cloud_Computing_Adoption_v3.3-final.pdf | r1 | 1127.0 K | 2012-06-03 - 15:50 | NIST SP 500-296: "Challenging Security Requirements for the US Government Cloud Computing Adoption" |
|  | r1 | 1897.7 K | 2011-03-16 - 18:03 | PCI Compliance with Virtualization |
|  | r1 | 17.8 K | 2013-05-16 - 01:35 |  |
|  | r1 | 195.8 K | 2011-12-21 - 15:17 | SA meeting notes of Dec. 14 |
|  | r1 | 364.8 K | 2012-12-30 - 01:02 |  |
|  | r1 | 185.2 K | 2012-11-21 - 04:03 |  |
|  | r1 | 600.7 K | 2013-01-17 - 06:12 |  |
|  | r1 | 138.5 K | 2013-10-26 - 21:46 |  |
|  | r1 | 534.5 K | 2011-03-23 - 16:57 | Strawman Model v2.2 |
|  | r1 | 1636.4 K | 2012-01-25 - 21:03 | CSA Trusted Cloud Initiative's Reference Architecture |
|  | r1 | 14.8 K | 2011-03-11 - 12:56 | Threat Analysis of Cloud Services |
|  | r1 | 133.5 K | 2011-03-02 - 16:53 | Threat Sources based on the Cloud Computing Model in CSA's Security Guide |
|  | r1 | 68.8 K | 2011-03-23 - 16:56 | Threat Taxonomy Development - Two Alternatives |
|  | r1 | 58.8 K | 2011-04-29 - 18:24 | DHS Top 20 Security Controls |
|  | r1 | 5.8 K | 2011-02-16 - 16:00 |  |
|  | r1 | 159.3 K | 2011-06-15 - 17:11 |  |
|  | r1 | 177.1 K | 2011-08-10 - 15:06 | CC meeting agenda 08/10 |
|  | r1 | 295.9 K | 2011-07-13 - 16:05 |  |
|  | r1 | 12.6 K | 2011-07-26 - 18:53 |  |
|  | r1 | 162.9 K | 2011-06-29 - 15:11 |  |
|  | r1 | 101.8 K | 2011-05-18 - 17:59 |  |
|  | r1 | 94.2 K | 2011-05-18 - 17:28 |  |
|  | r1 | 91.1 K | 2011-04-29 - 18:17 | Impact analysis of full virtualization on SP 800-53 rev3 |
Topic revision: r110 - 2014-11-24 - MichaelaIorga