The National Institute of Standards and Technology is looking for input on its draft guidance for managing user access to cloud infrastructure including commercial “as a service” models.
NIST said that the draft document covers cloud access control procedures in line with federal requirements for protecting sensitive information and critical computing resources.
The agency noted that while AC procedures encompass infrastructure- and platform-as-a-service environments as well as software-as-a-service frameworks, each model has a set of requirements specific to their respective cloud architectures.
According to NIST, previous cloud-focused AC standards did not cover comprehensive user access assessments and primarily served as ad hoc guidelines. However, the agency noted that the draft guidance does not include organization-specific standards for internal cloud AC functionalities.
NIST will accept stakeholder feedback through May 15.