NIST Publishes US Government Cloud Computing Roadmap

The National Institute of Standards and Technology (NIST) publishes its final US Government Cloud Computing Technology Roadmap.


This article originally appeared at The WHIR

The National Institute of Standards and Technology (NIST) published its final US Government Cloud Computing Technology Roadmap this week. It identifies 10 requirements expected to encourage cloud adoption by government agencies while also generally supporting innovation in cloud computing technology.

The 10 requirements collectively relate to interoperability, performance, portability, and security, and are largely intact from the draft version of the roadmap, published in 2011.

The second requirement, “Solutions for High-priority Security Requirements, technically de-coupled from organizational policy decisions,” has been changed to reflect the need for industry to develop technical solutions that support diverse policy rules, including not only legal rules but also government or business policy rules.

Requirement six identifies a need for “Updated Organization Policy that reflects the Cloud Computing Business and Technology model.” This requirement has been updated to reflect the changing practical reality of cloud security requirements, and refers specifically to the difficulties in a current cloud model of enforcing law and policy through physical location. The section on this requirement also notes the inhibiting effect on cloud adoption of outdated government policies on issues like domestic storage.

“Cloud computing is still in an early deployment stage, and standards are crucial to increased adoption,” the report says. “The urgency is driven by rapid deployment of cloud computing in response to financial incentives. Standards are critical to ensure cost-effective and easy migration, to ensure that mission-critical requirements can be met, and to reduce the risk that sizable investments may become prematurely technologically obsolete.”

The Roadmap (PDF) consists of two volumes. Volume 1 covers “High-Priority Requirements to Further USG Agency Cloud Computing Adoption,” while volume 2 consists of “Useful Information for Cloud Adopters.” The final version takes into consideration input from over 200 US and international commenters.

Each requirement is addressed with recommended priority action plans which consist of one to four elements. Each element is identified as periodic, ongoing, or given a year for targeted completion, between 2014 and 2017.

NIST has also been working on other aspects of cloud computing, and suggested in July that cloud providers should adopt protocols to aid forensic investigators. It is also working on the US government’s cybersecurity framework.

Government cloud adoption has grown since the draft of the report was released, but some agencies, such as the Department of Defense, have delayed adoption despite the massive potential savings for taxpayers, which MeriTalk estimated a year ago to be $20.5 billion annually.
