• Site Search
  • Lawyer Search

Events

Find MoFo info.
  • Print PDF
  • Subscribe to RSS
  • MoFolder

New NIST Cloud Security Guidelines: Implications for Federal Procurement, Private Sector Cloud Architecture and Associated IT and Legal Issues

Law Seminars International Teleconference
8/21/201310:00 AM-11:00 AM
Peter F. McLaughlin
Privacy + Data Security
Speaking Engagement

Peter McLaughlin is speaking on "New NIST Cloud Security Guidelines" at Law Seminar International's teleconference.

About the Program

Earlier this year, the National Institute of Standards and Technology (NIST), a division of the U.S. Department of Commerce, issued a draft Special Publication (SP 500-299) as part of its ongoing charge to develop technical and security standards for adoption of cloud computing by federal agencies. NIST SP 500-299 introduces the NIST Cloud Computing Security Reference Architecture (NCC-SRA), which details a comprehensive methodology for applying a cloud-adapted Risk Management Framework. Because federal agencies will soon be mandated to utilize only cloud providers assessed and authorized through the Federal Risk and Authorization Management Program, these new NIST standards effectively set the parameters for all federal procurement of cloud services. This in turn will directly impact the use of cloud services and contractual terms in the private sector.

NIST SP 500-299 joins a plethora of previously issued NIST special publications addressing cloud computing ranging from NIST's definition of cloud computing to a three volume publication detailing the U.S. governmental cloud computing technology road map. The NCC-SRA methodology will operate in conjunction with an associated set of security components identified in the Cloud Security Alliance's Trusted Cloud Initiative. The public comment period for SP 500-299 ended in July, and NIST's working group team is analyzing and examining the submitted commentary. At 204 pages, NIST SP 500-299 is an extremely comprehensive set of guidelines that will have a broad impact on the design of cloud computing security architecture.

This one-hour TeleBriefing will highlight key technical and legal issues introduced by NIST SP 500-299 and provide a broader context to understand NIST's ongoing cloud-related efforts.

What You Will Learn

  • NIST's new approach in allocating cloud parties responsibility for recommended controls
  • The framework NIST is formulating and criteria for selection of cloud providers
  • The core security components the NCC-SRA will likely result in once finalized
  • The key short-term IT and legal issues raised once the NCC-SRA is adopted
This is MoFo.
Share
© 1996-2013 Morrison & Foerster LLP. All rights reserved.
[ A- | A+ ]
Loading...
Loading...