Cloud and Security

ORGANIZATIONS

  • ISO — International Organization for Standardization.
  • ITU-T — International Telecommunication Union — Telecommunication sector.
  • CSA — Cloud Security Alliance.
  • ENISA — European Network and Information Security Agency.
  • NIST — National Institute of Standards and Technology (USA).
  • ISACA — Information System Audit and Control Association.
  • SNIA-CSI — Storage Networking Industry Association (SNIA) — Cloud Storage Initiative (CSI).

 

International Organization for Standardization

Published

  • ISO/IEC 17788:2014 Information technology — Cloud computing — Overview and vocabulary
  • ISO/IEC 17789:2014 Information technology — Cloud computing — Reference architecture
  • ISO/IEC 17826:2012 Information technology — Cloud Data Management Interface (CDMI)
  • ISO/IEC 27040:2015 Information technology — Security techniques — Storage security
  • ISO/IEC 29100:2011 Information technology — Security techniques — Privacy framework

In development

  • ISO/IEC CD 19086-1 Information technology — Cloud computing — Service level agreement (SLA) framework and Technology — Part 1: Overview and concepts
  • ISO/IEC NP 19086-2 Information technology — Cloud computing — Service level agreement (SLA) framework and Technology — Part 2: Metrics
  • ISO/IEC NP 19086-3 Information technology — Cloud computing — Service level agreement (SLA) framework and Technology — Part 3: Core requirements
  • ISO/IEC AWI 19941 Information Technology — Cloud Computing — Interoperability and Portability
  • ISO/IEC AWI 19944 Information Technology — Cloud Computing — Data and their Flow across Devices and Cloud Services
  • ISO/IEC DIS 27017 Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
  • ISO/IEC 27018:2014 Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
  • ISO/IEC WD 27036-4 Information technology — Information security for supplier relationships — Part 4: Guidelines for security of Cloud services

 

National Institute of Standards and Technology

Published

  • SP 800-144 Guidelines on Security and Privacy in Public Cloud Computing
  • SP 800-145 The NIST Definition of Cloud Computing
  • SP 800-146 Cloud Computing Synopsis and Recommendations
  • SP 500-291 NIST Cloud Computing Standards Roadmap
  • SP 500-292 NIST Cloud Computing Reference Architecture

In development

  • SP 500-293 US Government Cloud Computing Technology Roadmap Volume I: High-Priority Requirements to Further USG Agency Cloud Computing Adoption
  • SP 500-293 US Government Cloud Computing Technology Roadmap Volume II: Useful Information for Cloud Adopters
  • SP 500-299 NIST Cloud Computing Security Reference Architecture
  • Interagency Report 7904 Trusted Geolocation in the Cloud: Proof of Concept Implementation

 

Cloud Security Alliance

  • Security Guidance for Critical Areas of Focus in Cloud Computing
  • Cloud Controls Matrix (CCM)
  • Consensus Assessments Initiative Questionnaire (CAIQ)
  • Trusted Cloud Initiative (TCI) Reference Architecture Model
  • Open Certification Framework
  • Cloud Audit
  • Security as a Service Implementation Guidance
  • Privacy Level Agreement (PLA)
  • Top Threats to Cloud Computing
  • Cloud Trust Protocol (CTP)

 

International Telecommunication Union

  • X.1601 (01/2014) Security framework for cloud computing
  • X.goscc Guidelines of operational security for cloud computing
  • X.sfcse Security requirements for Software as a Service (SaaS) application environments

 

European Network and Information Security Agency 

  • Survey and analysis of security parameters in cloud SLAs across the European public sector
  • Cloud Computing — Benefits, risks and recommendations, Dec-2012.
  • Procure Secure: A guide to monitoring of security service levels in cloud contracts
  • Critical Cloud Computing - A Critical Information Infrastructure Protection (CIIP) perspective on cloud computing services
  • Incident Reporting for Cloud Computing
  • Governmental Clouds Security
  • Auditing Framework for Trust Service Providers

 

Provider certification

  • CSA Security, Trust & Assurance Registry (STAR) Certification
  • Federal Risk and Authorization Management Program (USA)

 

Other

  • OWASP Cloud — 10 Project, Initial pre-alpha list of OWASP Cloud Top 10 Security Risks, Apr-2011.
  • Cloud Standards Customer Council, Cloud Security Standards: What to Expect & What to Negotiate, Oct-2013.
  • Draft GOST R XXXXX–20XX Information protection. Requirements for the protection of information processed using "cloud computing" technologies. General provisions