The TC is responsible for the development and maintenance of specifications for Secure Elements (SEs) in a multi-application capable environment, the integration into such an environment, as well as the secure provisioning of services making use of SEs.
ITU-T SG3 is responsible, inter alia, for studying international telecommunication/ICT policy and economic issues and tariff and accounting matters (including costing principles and methodologies), with a view to informing the development of enabling regulatory models and frameworks.
The Joint Task Force Transformation Initiative (JTFTI) is an Interagency Working Group working to produce a Unified Information Security Framework for the federal government. The JTFTI is made up of representatives from the Civil, Defense, and Intelligence Communities.
The Project Leader is Ron Ross of NIST.
The formation of NIST Cloud Computing Security Working Group (NCC-SWG) is an integral part of the overall NIST effort to facilitate secure adoption of cloud services for United State Government (USG).
The Software Defined Perimeter working grouped launched with the goal to develop a solution to stop network attacks against application infrastructure. With the adoption of cloud services the threat of network attacks against application infrastructure increases since servers can not be protected with traditional perimeter defense techniques.
The CSA Open Certification WG is an industry initiative to allow global, accredited, trusted certification of cloud providers. It is a program for flexible, incremental and multi-layered cloud provider certification according to the CSA’s industry leading security guidance and control objectives. The program will integrate with popular third-party assessment and attestation statements developed within the public accounting community to avoid duplication of effort and cost.
This working group aims at creating PLA templates that can be a powerful self-regulatory harmonization tool, which is almost impossible to achieve at global level using traditional legislative means. This will provide a clear and effective way to communicate to (potential) customers a CSP’s level of personal data protection, especially when trans-border data flaw is concerned.
The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CSA CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the Cloud Security Alliance Controls Matrix rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as the ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP and will augment or provide internal control direction for service organization control reports attestations provided by cloud providers.
This public working group will focus on developing an approach to advancing the Federated Community Cloud, which falls under Requirement 5 of the U.S. Government Cloud Computing Technology Roadmap, USG-Wide Use of Cloud Computing Standards. Not to be confused with the concept of cloud deployment models, the focus of Federated Community clouds is to develop a framework to support seamless implementations of disparate community cloud environments. The future of cloud computing is where both internal and external cloud resources from multiple providers are deployed and managed in order to meet business needs. To achieve this industry and government will need to work together to develop frameworks, technologies, and methodologies that can support seamless implementation of various cloud computing environments through a focus on interoperability and portability standards.
The scope of the project is to fully understand and describe the elements of federated cloud computing. This will involve developing and gaining consensus on a common federated cloud computing vocabulary, as well as developing an underlying conceptual model of what federated cloud computing is, its major components, and users/stakeholders. The Working Group will then use that conceptual model to map out an implementation strategy including a gap analysis to identify the missing technologies and standards needed to cultivate a seamless system of systems. The anticipated results are:
The Working Group will also investigate and identify the needed technologies, tools, and standards to enable these environments. They will use material from NIST’s Cloud Computing Reference Architecture (NIST SP 500-292)
and materials located at the group’s public twiki site: http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/RATax_FedCommunity.
The Working Group will work in a coordinated effort with the IEEE ICWG/2302 WG – Intercloud Working Group to produce an implementation of this reference material and create a compliant technical standard.
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics (On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, Measured Service); three service models (Cloud Software as a Service (SaaS), Cloud Platform as a Service (PaaS), Cloud Infrastructure as a Service (IaaS)); and, four deployment models (Private cloud, Community cloud, Public cloud, Hybrid cloud). Key enabling technologies include: (1) fast wide-area networks, (2) powerful, inexpensive server computers, and (3) high-performance virtualization for commodity hardware.
The Cloud Computing model offers the promise of massive cost savings combined with increased IT agility. It is considered critical that government and industry begin adoption of this technology in response to difficult economic constraints. However, cloud computing technology challenges many traditional approaches to datacenter and enterprise application design and management. Cloud computing is currently being used; however, security, interoperability, and portability are cited as major barriers to broader adoption.
The long term goal is to provide thought leadership and guidance around the cloud computing paradigm to catalyze its use within industry and government. NIST aims to shorten the adoption cycle, which will enable near-term cost savings and increased ability to quickly create and deploy enterprise applications. NIST aims to foster cloud computing systems and practices that support interoperability, portability, and security requirements that are appropriate and achievable for important usage scenarios.
Terms of Reference:
The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:
SC 27 engages in active liaison and collaboration with appropriate bodies to ensure the proper development and application of SC 27 standards and technical reports in relevant areas
