NIST Cloud Computing Security Reference Architecture: NIST SP 500-299

DRAFT NIST SP 500-299 May 5, 2013 DRAFTThis DRAFT document was developed as part of a collective effort by the NIST Cloud Computing Public Security Working Group in response to the priority action plans for the early USG cloud computing adoption identified in NIST SP 500-293. This document is designed to serve as a guide for USG agency technical planning and implementation teams. The study upon which the NCC-SRA is based collected, aggregated, and validated data for a Public cloud, considering all three cloud service models – Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).Cloud computing has the potential to offer good cost savings both in terms of capital expenses (CAPEX) and operational expenses (OPEX) as well as leverage leading-edge technologies to meet the information processing needs of USG. However, the change in control dynamics (both in terms of ownership and management) with respect to IT resources poses security challenges. Why buy a book you can download for free?First you gotta find it and make sure it’s the latest version, not always easy. Then you gotta print it using a network printer you share with 100 other people – and its outta paper – and the toner is low (take out the toner cartridge, shake it, then put it back). If it’s just 10 pages, no problem, but if it’s a 250-page book, you will need to punch 3 holes in all those pages and put it in a 3-ring binder. Takes at least an hour. An engineer that’s paid $75 an hour has to do this himself (who has assistant’s anymore?).If you are paid more than $10 an hour and use an ink jet printer, buying this book will save you money.It’s much more cost-effective to just order the latest version from Amazon.comThis material is published by 4th Watch Books. We publish tightly-bound, full-size books at 8 ½ by 11 inches, with glossy covers. 4th Watch Books is a Service Disabled Veteran Owned Small Business (SDVOSB) and is not affiliated with the National Institute of Standards and Technology. A full copy of all the pertinent cybersecurity standards is available on DVD-ROM in the CyberSecurity Standards Library disc which is available at

Author: National Institute of Standards and Technology

Learn more