Posted by: David Harley | October 29, 2011

NIST, the cloud, and certification

I’ve no excuse for not having noticed this before, as it was an entry on the Infosecurity Magazine blog, to which I’m a contributor. But miss it I did, I’m afraid, for over a week, even though it’s testing related. The article “‘Testing the Testers’: Certification and Cloud Computing” was actually contributed by the (ISC)² U.S. Government Advisory Board Executive Writers Bureau. (Coincidentally, I blog for (ISC)² as well, but I have nothing to do with the Government Advisory Board AWB.)

Anyway, the blog notes that NIST (the National Institute of Standards and Technology) has just released a Cloud Computing Standards Roadmap, recognizing the complexity of certification of products in the context of the rising demand for cloud services. In particular, the draft inter-agency advisory report (NISTIR 7328) is about requirements for security assessment providers, especially those who are offering assessment as a service.

While it’s a very different document to AMTSO’s guidelines for testing in the cloud, it comes from a similar appreciation of the difficulties of this area of testing.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow

