Trusted Cloud: VMware Hybrid Cloud IaaS Environments

This project is in the build phase. We have selected several technology collaborators who have signed a Cooperative Research and Development Agreement (CRADA; see an example) with NIST. Download the Trusted Geolocation in the Cloud project description (PDF) for further details.

The NCCoE recently released a preliminary draft of Volume B: Approach, Architecture, and Security Characteristics of the NIST Cybersecurity Practice Guide SP 1800-19, Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments. The preliminary draft is stable but has some gaps in its content that will be addressed in the next draft. The NCCoE is requesting your feedback on the preliminary draft to help shape the next draft. The initial comment period on this volume will close on January 11, 2019. Comments may be submitted online or emailed to trusted-cloud-nccoe@nist.gov.

Following an experimental agile process for continuous delivery of special publication, the other volumes of this practice guide will be released for review and comment on different schedules so that each volume is made available as soon as possible, rather than delaying the release of completed volumes until all other volumes are also completed. The guide will be available in three volumes:

SP 1800-19A: Executive Summary (preliminary draft)
SP 1800-19B: Approach, Architecture, and Security Characteristics (preliminary draft)
SP 1800-19C: How-To Guides (coming soon)

The National Cybersecurity Center of Excellence (NCCoE) at NIST recognizes the need to address security and privacy challenges for the use of shared cloud services in hybrid cloud architectures, and has launched this project. This project is using commercially available technologies to develop a cybersecurity reference design that can be implemented to increase security and privacy for cloud workloads on hybrid cloud platforms.

This project will demonstrate how the implementation and use of trusted compute pools not only will provide assurance that workloads in the cloud are running on trusted hardware and are in a trusted geolocation, but also will improve the protections for the data within workloads and flowing between workloads. This project will result in a NIST Cybersecurity Practice Guide—a publicly available description of the solution and practical steps needed to implement a cybersecurity reference design that addresses this challenge.

Questions? Comments? Contact us at trusted-cloud-nccoe@nist.gov.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

_{Certain commercial entities, equipment, products, or materials may be identified by name or company logo or other insignia in order to acknowledge their participation in this collaboration or to describe an experimental procedure or concept adequately. Such identification is not intended to imply special status or relationship with NIST or recommendation or endorsement by NIST or NCCoE; neither is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.}