The National Cybersecurity Center of Excellence (NCCoE) announces the release of publications on trusted cloud and hardware-enabled security. The foundation of any data center or edge computing security strategy should be securing the platform on which data and workloads will be executed and accessed. The physical platform represents the first layer for any layered security approach and provides the initial protections to help ensure that higher-layer security controls can be trusted.
- National Institute of Standards and Technology (NIST) Special Publication (SP) 1800-19, Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments, presents an example of a trusted hybrid cloud solution that demonstrates how trusted compute pools leveraging hardware roots of trust can provide the necessary security capabilities for cloud workloads in addition to protecting the virtualization and application layers.
- NIST Internal Report (NISTIR) 8320, Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases, explains hardware-enabled security techniques and technologies that can improve platform security and data protection for cloud data centers and edge computing. NISTIR 8320 is the foundational document in a series of NISTIRs, including 8320A, 8320B, and 8320C.
Each of the reports below, NISTIR 8320A, NISTIR 8320B, and NISTIR 8320C, are intended to be used as a blueprint or template that the general security community can use as example proof of concept implementations.
- NISTIR 8320A, Hardware-Enabled Security: Container Platform Security Prototype, explains an approach based on hardware-enabled security techniques and technologies for safeguarding container deployments in multi-tenant cloud environments.
- NISTIR 8320B, Hardware-Enabled Security: Policy-Based Governance in Trusted Container Platforms, explains an approach based on hardware-enabled security techniques and technologies for safeguarding container deployments in multi-tenant cloud environments.
- Draft NISTIR 8320C, Hardware-Enabled Security: Machine Identity Management and Protection, presents an approach for overcoming security challenges associated with creating, managing, and protecting machine identities, such as cryptographic keys, throughout their lifecycle.
We Want to Hear from You!
Review the draft NISTIR 8320C and submit comments online on or before June 6, 2022. You can also contact us at firstname.lastname@example.org. We value and welcome your input and look forward to your comments.