NIST's 10 cloud computing requirements

By Tom Sullivan
01:16 PM

Despite all the attention that the Cloud-First policy garners, the truth remains that cloud computing is still nascent within the federal government, deployment-wise. And agencies considering transitioning to the model face a number of challenges.

To address those – namely technology, guidance, security and standards – The National Institute of Standards and Technology (NIST) etched a draft roadmap to cloud computing and opened it to public comments.

[Related: Is the U.S. government as far behind on cloud computing as we thought?]

“In the technology vision of Federal Cloud Computing Strategy success, USG agencies will be able to easily locate desired IT services in a mature and competitive marketplace, rapidly procure access to these services, and use them to deliver innovative mission solutions,” NIST explained in the document. “Cloud services will be secure, interoperable, and reliable. Agencies will be able to switch between providers easily and with minimal cost, and receive equal or superior services.”

That will not be easy. Which is why the organization broke out 10 high-priority requirements “to further USG cloud computing technology adoption.” Those are:

1. International voluntary consensus-based interoperability, portability, and security standards (interoperability, portability, and security standards)
2. Solutions for high-priority Security Requirements (security technology)
3. Technical specifications to enable development of consistent, high-quality Service-Level Agreements (interoperability, portability, and security standards and guidance)
4. Clearly and consistently categorized cloud services (interoperability and portability guidance and technology)
5. Frameworks to support seamless implementation of federated community cloud environments (interoperability and portability guidance and technology)
6. Technical security solutions which are de-coupled from organizational policy decisions (security guidance, standards, and technology)
7. Defined unique government regulatory requirements, technology gaps, and solutions (interoperability, portability, and security technology)
8. Collaborative parallel strategic “future cloud” development initiatives (interoperability, portability, and security technology)
9. Defined and implemented reliability design goals (interoperability, portability, and security technology)
10. Defined and implemented cloud service metrics (interoperability and portability standards)

Acknowledging the “significance and breadth” of cloud computing, as well as the urgency sparked by the need to reduce overall IT costs, NIST charted the road map and the above list of requirements to “accelerate US government adoption, as well as leverage the strengths and resources of government, industry, academia, and standards organization stakeholders,” and as a way to also foster innovation.

“Standards are critical to ensure cost-effective and easy migration, to ensure that mission-critical requirements can be met, and to reduce the risk that sizable investments may become prematurely technologically obsolete,” NIST officials explained in the roadmap document. “Standards are key to ensuring a level playing field in the global marketplace.

[Related: The 8 health IT facets of NASCIO's top 10 priority list for 2012.]

NIST designed its program to support accelerated US government adoption, as well as leverage the strengths and resources of government, industry, academia and standards organization stakeholders to support cloud computing technology innovation.

The public comments period closes December 2, 2011.