NIST Details Federal Cloud Standards Roadmap, Suggested Cloud Architecture

cloud computing standards help guide federal agencies to cloud computing technologies

The pair of documents were designed to help federal agencies identify cloud standards they should adhere to when moving to the cloud, the various categories of cloud services that can be used across government bodies and the roles of various cloud providers. These new documents, coupled with others from NIST and NIST working groups, will be compiled into the NIST U.S. Government Cloud Computing Technology Roadmap, expected in November.

NIST's cloud push dovetails off of former Federal CIO Vivek Kundra's cloud-first policy that dictates the U.S. government will first investigate cloud computing options when making new technology purchases. The cloud first policy is a bid to save the government cash and trim its $80 billion IT budget.

First, the NIST Cloud Computing Standards Roadmap is a 76-page document that looks to lay out standards necessary to deploy and leverage cloud computing architectures. Major components include security, portability and interoperability. NIST also identified potential use cases for the cloud and standardization priorities.

"Cloud computing standards are already available in support of many of the functions and requirements for cloud computing. While many of these standards were developed in support of pre-cloud computing technologies, such as those designed for Web services and the Internet, they also support the functions and requirements of cloud computing. Other standards are now being developed in specific support of cloud computing functions and requirements, such as virtualization," the NIST wrote in the document.

The document continues: "To assess the state of standardization in support of cloud computing, the NIST Cloud Computing Standards Roadmap Working Group has compiled an Inventory of Standards Relevant to Cloud Computing. This inventory is being maintained and will be used to update this document as necessary. Using the taxonomy developed by the NIST Cloud Computing Reference Architecture and Taxonomy Working Group, cloud computing relevant standards have been mapped to the requirements of portability, interoperability, and security."

The standards report also highlights gaps that are not filled by current standards.

"Present areas with standardization gaps include: SaaS functional interfaces; SaaS self-service management interfaces; PaaS functional interfaces; business support/provisioning/configuration; and security and privacy," the NIST wrote. "Present standardization areas of priority to the federal government include: security auditing and compliance; identity and access management; SaaS application specific data and metadata; and resource description and discovery."

NIST Standards Working Group Co-convener Michael Hogan said in a statement that the standards roadmap "encourages federal agencies to become involved with developing specific cloud computing standards projects that support their priorities in cloud computing services to move cloud computing standards forward."

Meanwhile, the agency also unveiled the NIST Cloud Computing Reference Architecture, a 35-page guide to vendor-neutral cloud design which agencies can use to determine their route to the cloud. The reference architecture and taxonomy was designed as an actor-based system that details the main elements of cloud computing based on five key roles: consumer, provider, broker, auditor and carrier.

"Our point was to create a level playing field for industry to discuss and compare their cloud offering with the U.S. government," said NIST Reference Architecture Working Group Co-convener Robert Bohn in a statement. "The publication is also an opportunity for industry to map their reference architecture to the one NIST developed with input from all sectors."