The National Institute of Standards and Technology is developing new guidelines on cloud security controls to supplement the Federal Risk and Authorization Management Program’s baselines and impact levels, FierceGovernmentIT reported Thursday.
Molly Bernhart Walker writes that Michaela Iorga, NIST’s senior security technical lead for cloud computing, said the future NIST Special Publication 800-174 will focus on the security controls’ distribution and placement.
Iorga told an audience at the Cloud Security Alliance’s federal summit the new guidance will have a “cloud overlay” to ensure that cloud security goes beyond the FedRAMP baseline.
“A baseline is a baseline,” she said, according to the report.
“But if you want to have a security posture on the system that is commensurable with your needs, then maybe you can look at the other controls that are there if we have more listed.”
