Published by Jean Palmer. Modified over 8 years ago
1
NIST Cloud Computing Standards Roadmap Working Group (CCSRWG) April 21, 2011 National Institute of Standards and Technology U.S. Department of Commerce
2
Agenda
– NIST Cloud Computing Program
– Relationship to Overall Federal Strategy
– Cloud Computing Workshop and Forum III
– USG Agency Mandates in Voluntary Consensus Standards Development
– CCSRWG and Standards Roadmap
3
Overview: NIST Cloud Computing Program
Accelerate the federal government’s adoption of cloud computing security, interoperability and portability
Strategy to build a USG Cloud Computing Technology Roadmap which focuses on the highest priority USG cloud computing security, interoperability and portability requirements.
4
Overview: NIST Cloud Computing Program
Lead efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector, and other stakeholders.
For more detailed information, refer to the NIST Strategy to build a USG Cloud Computing Technology Roadmap posted on the NIST Cloud Computing Web Page:
http://www.nist.gov/itl/cloud/upload/NIST_CC_program_updated_external_overview_040511.pdf
5
NIST Cloud Computing Program Concept & Rationale
How to build a USG Cloud Computing Technology Roadmap
Strategic Program
Concurrent & Iterative 3-step process that drives tactical efforts
1. Define Target USG Cloud Computing Business Use Cases
2. Define Neutral Cloud Computing Reference Architecture & Taxonomy
3. Generate Cloud Computing Technology Roadmap – Translate Requirements & Identify Gaps
Interagency Report: USG Cloud Computing Technology Roadmap list of Tactical Priorities & Deliverables
Tactical Program
NIST CC efforts
– Standards Working Group, SDO liaison, submissions
– Standards Acceleration to Jumpstart the Adoption of Cloud Computing (SAJACC) – through qualitative testing of specifications against interoperability, security, and portability requirements
– Guidance – Special Publications; technical advisor to Fed CIO Council; Cloud Security Working Group
– Complex Computing Simulation & Modeling – Koala IaaS resource allocation algorithms
Expand CC Definition ref. architecture priorities risks obstacles
6
Complementary Relationship to broader Federal Strategy & other key efforts
NIST Cloud Computing program is 1 part of the broader Federal Cloud Computing Strategy (Feb 2011)
– USG agencies define strategies for cloud deployment
– GSA & DHS also have defined roles
– the effort is broad based across agencies
NIST is a technical advisor to Federal CIO Council Cloud Computing Executive Steering Committee, Cloud Computing Advisory Council
Example: technical advisor to Federal Risk & Authorization Management Program (FedRAMP) initiated by the CCAC Security Working Group
7
Cloud Computing Forum and Workshop III – Purposes
– NIST Program: projects & working group plans & progress to date
– Panels: External view
– Highlights from our federal Cloud Computing strategy partners
8
USG Cloud Computing Technology Roadmap
The roadmap will define and prioritize USG requirements for interoperability, portability, and security for cloud computing in order to support secure and effective USG adoption of Cloud Computing.
NIST has created the following Working Groups:
– Cloud Computing Neutral Reference Architecture & Taxonomy Group
– Cloud Computing SAJACC Technical Use Cases Working Group
– Cloud Computing Security Working Group
– Cloud Computing Target Business Use Cases Working Group
– Cloud Computing Standards Roadmap Working Group
Integrated with other NIST Tactical efforts: Special Publications and Koala
9
USG and Voluntary Consensus Standards
standard -- document, established by consensus and approved by a recognized body, that provides, for common and repeated use, rules, guidelines or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context [ISO/IEC Guide 2:2004]
10
USG and Voluntary Consensus Standards
– USG law and policy requires Federal agencies to use international, voluntary consensus standards in their procurement and regulatory activities, except where inconsistent with law or otherwise impractical.
– Agencies must consult with voluntary consensus standards bodies, both domestic and international, and must participate with such bodies in the development of voluntary consensus standards when consultation and participation is in the public interest and is compatible with their missions, authorities, priorities, and budget resources.
[OMB Circular A-119]
11
NIST and Voluntary Consensus Standards
– NIST collaborates with national and international standards developing organizations, users, industry groups, consortia, and research and trade organizations, to get needed standards developed.
– NIST ITL (and its predecessor organizations) has been accredited by ANSI as a standards developer since October 5, 1984.
» http://www.nist.gov/itl/ansi/index.cfm
» NIST is maintaining only one American National Standard
12
NIST and Federal Information Processing Standards (FIPS)
– FIPS are developed only when there are no existing voluntary consensus standards to address Federal requirements for the interoperability of different systems, for the portability of data and software, and for computer security.
– Present FIPS are listed at: http://www.itl.nist.gov/fipspubs/by-num.htm
– All current FIPS deal with some aspect of computer security.
13
NIST and Federal Information Processing Standards (FIPS)
– FIPS development is typically in support of a specific legislative or presidential directive mandate.
– Federal Information Security Management Act of 2002 (FISMA): FIPS 199-2004 & FIPS 200-2006
– Homeland Security Presidential Directive 12: Policy for a Common Identification Standard for Federal Employees and Contractors: FIPS 201-2006
– No voluntary industry standards or profiles were available when FIPS 199, 200 and 201 were developed.
14
Cloud Computing Standards Roadmap Working Group
15
Cloud Computing Standards Roadmap WG (CCSRWG)
NIST Members of this working group are:
– Dr. Jian Mao, Knowcean Consulting Inc. (under SPAWAR contract)
– Dr. Fang Liu, Knowcean Consulting Inc. (under SPAWAR contract)
– Jin Tong, Knowcean Consulting Inc. (under SPAWAR contract)
– Dr. Rama Chandramouli (Mouli), NIST CC Security WG Convener
– Mike Hogan, NIST CC Standards Roadmap WG Co-Convener
– Annie Sokol, NIST CC Standards Roadmap WG Co-Convener
– Dawn Leaf, NIST Senior Executive for Cloud Computing
16
Cloud Computing Standards Roadmap Working Group (CCSRWG)
MISSION STATEMENT
NIST Cloud Computing Standards Roadmap Working Group will survey the existing standards landscape for security, portability, and interoperability standards / models / studies / etc. relevant to cloud computing, determine standards gaps, and identify standardization priorities.
17
Cloud Computing Standards Roadmap Working Group (CCSRWG)
Charter
Charter – December 27, 2010
Conveners – Mike Hogan and Annie Sokol
Participation – WG is open to all interested parties
Liaisons – The work of the NIST CC WGs is interrelated and CCSRWG will liaise with the other WGs as needed.
Deliverable – A recommended Cloud Computing Standards Roadmap document
Target Date in Charter – March 31, 2011
18
Participants & Meetings
Email sign-up
– January 18, 2011: 346
– February 15, 2011: 462
– April 2011: 588 ( >250 known organizations – national and globally)
Meetings
– First meeting was January 6, 2011
– Every Thursday afternoon at 1:00 P.M. ET
– Bi-weekly meetings since March 10, 2011 (except April 7)
– Total of 11 meetings
– The number of participants ranges between 20+ - 40+
– F2F Meeting – January 20, 2011, following DAPS38 meeting
– Use Case Integration Ad hoc group – met for three weeks
19
Cloud Computing Standards Roadmap Working Group (CCSRWG)
Standards Roadmap Document
– January 26 – Doc.#21
– February 2 – Doc.#29
– February 9 – Doc.#36
– February 17 – Doc.#40
– February 23 – Doc.#42
– March 2 – Doc.#48
– March 9 – Doc.#52
– March 23 – Doc.#56
– March 28 – Doc.#60
– April 18 – Doc.#65
Comments due April 25, 2011
20
Cloud Computing Standards Roadmap Working Group (CCSRWG)
Deliverable
– The NIST Cloud Computing Standards Roadmap document will serve as an input to the USG Cloud Computing Technology Roadmap (on or around the end of FY 2011).
– Target Date for the first edition of the NIST Cloud Computing Standards Roadmap – May 16, 2011
– The NIST standards roadmap document will be a living document.
21
Timeline for Deliverable
Date | Description | Due
Monday, April 18, 2011 | 10th Working Draft Posted | Comments due Monday, April 25, 2011
Monday, April 25, 2011 | Comments on the 10th Working Draft due |
Wednesday, April 27, 2011 | Proposed disposition of comments posted |
Thursday, April 28, 2011 | CCSRWG Meeting # 13 |
Monday, May 2, 2011 | 11th Working Draft Posted | Comments due Monday, May 9, 2011
Monday, May 9, 2011 | Comments on the 11th Working Draft due |
Wednesday, May 11, 2011 | Proposed disposition of comments posted |
Thursday, May 12, 2011 | Meeting # 14 |
Monday, May 16, 2011 | First Edition Posted |
22
Cloud Computing Standards Roadmap Working Group (CCSRWG)
Tenth Working Draft
This Presentation is based on the Tenth Working Draft
23
Cloud Computing Standards Roadmap Working Group (CCSRWG)
Deliverable - Standards Roadmap Document
Concept of Operation
– Apply NIST Cloud Computing definition
– Leverage the work of NIST Working Groups
– Build an inventory of standards
– Map standards to use cases and RA model
– Determine standards gaps and overlaps
– Identify USG standardization priorities
– Recommendations
24
NIST Definition of Cloud Computing (Step 1)
“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
25
NIST CCSRWG Collaboration Site (Step 2)
http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/StandardsRoadmap
26
Leverage the work of NIST Working Groups AND Other work (Step 2)
Inputs to the Cloud Computing Standards Roadmap Working Group:
– SDOs & Others: Standards, Conceptual Models, Reference Architectures, Standards Roadmaps, Studies
– NIST Cloud Computing Working Groups
27
NIST Cloud Computing Reference Architecture V1.0 (Step 2)
28
Diagram labels (Step 2): Cloud Service Providers; Cloud Brokers; Cloud Service Consumers; Operational Support; Security; Portability/Interoperability; Data Portability; Service Interoperability; System Portability; Copy Data To-From; Unified Management Interface; Bulk Data Transfer; VM Images Migration; Application/Svc Migration; Provisioning / Config; Monitoring & Reporting; Resource Change; Rapid Provisioning; SLA Management; Metering; Privacy; Identity Management; Authentication and Authorization; Security Policy Mgmt; Confidentiality; Security Monitoring & Incident Response; Availability; Integrity
29
Inventory of Standards Relevant to CC (Step 3)
http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/StandardsInventory
30
Inventory of Standards Relevant to CC (Step 3)
– Basic Definitions & Standards: TCP/IP, HTTP, HTML, XML, SOAP, REST, WSDL, SSL/TLS, XML/XMLD, JSON, TRP, DNS, SMTP…
– High Level Standards & Definition for Cloud and Web Services: OVF, OCCI, CDMI, SPML, Web services, GridFTP, OAuth, OpenID, WS, WSS, SAML, Frameworx, XACML,…
– Categorization of Cloud Computing Related Standards: Cloud Taxonomy – output from Reference Architecture Working Group…
– Work-in-Progress: White papers…
31
Observations on Inventory (Step 3)
There are not many specific Cloud Computing Standards
– Open Virtualization Format (OVF)
– Open Cloud Computing Interface (OCCI)
– Cloud Data Management Interface (CDMI)
There are many cloud relevant IT standards to leverage
32
Visualization of the Inventory (Step 3)
Diagram labels: Application Platform Architecture Virtualized Infrastructure Hardware Facility IaaS SaaS PaaS Cloud Computing Capabilities and Resources Provider Control and Responsibility Consumer Interface and Visibility
Standards and categories shown: OVF IaaS PaaS SaaS Security OCCI CDMI SPML SAML OpenID OAuth XACML Data Communication TCP HTTP FTP SMTP DNS XML HTML JSON SOAP WSDL REST SSL/TLS GridFTP WS-Addressing XML DSig XML Encrypt SCAP Symmetric Crypto Asymmetric Crypto PKI JEE POP3/IMAP SQL IPV4 IPV6 ODF OOXML
33
Existing Cloud Computing Specific Standards (Step 4)
Reference architecture diagram labels: Cloud Provider; Cloud Service Management; Cloud Carrier; Cloud Auditor; Cloud Consumer; Provisioning/Configuration; Portability/Interoperability; Security Audit; Privacy Impact Audit; Performance Audit; Business Support; Physical Resource Layer; Hardware; Facility; Resource Abstraction and Control Layer; Privacy; Security; Service Layer; IaaS; SaaS; PaaS; Cloud Broker; Service Implementation; Service Aggregation; Service Arbitrage
Standards placed on the diagram: CDMI, OCCI, OVF
34
Cloud Computing Standards Gap Analysis (Step 5)
Reference architecture diagram labels: Cloud Provider; Cloud Service Management; Cloud Carrier; Cloud Auditor; Cloud Consumer; Provisioning/Configuration; Portability/Interoperability; Security Audit; Privacy Impact Audit; Performance Audit; Business Support; Physical Resource Layer; Hardware; Facility; Resource Abstraction and Control Layer; Privacy; Security; Service Layer; IaaS; SaaS; PaaS; Cloud Broker; Service Implementation; Service Aggregation; Service Arbitrage
Gaps highlighted:
– SaaS Self-service management
– Application specific data formats
– Application functional interfaces
35
Cloud Computing Standards Gap Analysis (Step 5)
Reference architecture diagram labels: Cloud Provider; Cloud Service Management; Cloud Carrier; Cloud Auditor; Cloud Consumer; Provisioning/Configuration; Portability/Interoperability; Security Audit; Privacy Impact Audit; Performance Audit; Business Support; Physical Resource Layer; Hardware; Facility; Resource Abstraction and Control Layer; Privacy; Security; Service Layer; IaaS; SaaS; PaaS; Cloud Broker; Service Implementation; Service Aggregation; Service Arbitrage
Gaps highlighted:
– Resource description and discovery
– QoS specification, monitoring, reporting
– SLA specification and negotiation
– Billing and metering
36
Cloud Computing Standards Gap Analysis (Step 5)
Reference architecture diagram labels: Cloud Provider; Cloud Service Management; Cloud Carrier; Cloud Auditor; Cloud Consumer; Provisioning/Configuration; Portability/Interoperability; Security Audit; Privacy Impact Audit; Performance Audit; Business Support; Physical Resource Layer; Hardware; Facility; Resource Abstraction and Control Layer; Privacy; Security; Service Layer; IaaS; SaaS; PaaS; Cloud Broker; Service Implementation; Service Aggregation; Service Arbitrage
Gaps highlighted:
– Identity and Access Management
– Provisioning, management, replication, federation
– Single sign-on plus strong authentication
– Security auditing and compliance
37
USG Priorities – From Analysis of USG Use Cases (Step 6)
– SaaS Self-service management
– Application specific data formats
– Application functional interfaces
– Resource description and discovery
– QoS specification, monitoring, reporting
– SLA specification and negotiation
– Billing and metering
– Identity and Access Management
– Provisioning, management, replication, federation
– Single sign-on plus strong authentication
– Security auditing and compliance
38
Draft Recommendations Summary (Step 7)
1. Agencies
– Clear and comprehensive requirements
– Participation in standards development
– Support concurrent development
– Procurement and grant guidance
2. CIO Council
3. Listing of standards
39
Draft Recommendations (Step 7)
– Agencies should contribute clear and comprehensive requirements for cloud computing standards projects.
– Agencies should actively participate in standards development projects that are of high priority to their agency missions.
– Cloud Standards naturally evolve in maturity, and agencies are advised to help accelerate this maturity by asking for vendors to show compliance with cloud standards in their roadmaps.
40
Draft Recommendations (Step 7)
– Agencies should support the concurrent development of conformity and interoperability assessment schemes to accelerate the development and use of technically sound standards and standards-based products, processes and services.
– Agencies should specify cloud computing standards in their procurements and grant guidance when multiple vendors offer standards-based implementations and there is evidence of successful interoperability testing.
41
Draft Recommendations (Step 7)
– The CIO Council Computing Standards Working Group should recommend specific cloud computing standards and best practices for USG wide use.
– A listing of standards relevant to cloud computing should be maintained by NIST.
42
QUESTIONS?
Mike Hogan mhogan@nist.gov
Annie Sokol Annie.sokol@nist.gov
Courtesy HDR Architecture, Inc./Steve Hall © Hedrich Blessing Gaithersburg, MD © Geoffrey Wheeler Boulder, CO