Stakeholders have until May 15 to provide feedback to NIST on draft guidance for controlling how various users should be allowed to navigate within cloud computing environments.
The push to adopt cloud services has sometimes led to a misconception that cloud providers become responsible for securing sensitive data from hackers. Draft NIST Special Publication 800-210 refutes that contention, before delving into specific guidelines and recommendations on the cloud services federal agencies are encouraged to adopt. It presents cloud access control characteristics and a set of general access control guidance for cloud service models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service).
