Eric Hibbard

Update on International Cloud Standards

Discussion created by Eric Hibbard Employee on Aug 13, 2014
Latest reply on Oct 15, 2014 by Eric Hibbard

ISO/IEC JTC 1/SC38 and ITU-T Study Group 13 have successfully concluded their collaborative work on:

 

  • Rec. ITU-T 3500 | ISO/IEC 17788, Information technology - Cloud computing - Overview and concepts
  • Rec. ITU-T 3502 | ISO/IEC 17789, Information technology - Cloud computing - Reference architecture

 

With the publication of these foundational standards (anticipated in the next month or two), the cloud industry will finally have a common vocabulary and set of concepts that can help bring some consistency to this industry. It will be interesting to see how companies and government entities (especially NIST and ENISA) adjust their efforts and documents to reflect these new standards.

 

In addition, ISO/IEC JTC 1/SC27 has recently published:

 

  • ISO/IEC 27018:2014, Information technology - Security techniques - Code of practice for PII protection in public clouds acting as PII processors

 

It is also worth noting that the following projects are underway as well:

 

  • ISO/IEC 27017, Information technology - Security techniques - Guidelines on information security controls for the use of cloud computing services based on ISO/IEC 27002 [by ISO/IEC JTC 1/SC27]
  • ISO/IEC 19086-1, Information technology - Cloud computing - Service Level Agreement (SLA) framework and terminology - Part 1: Overview and concepts [by ISO/IEC JTC 1/SC38]
  • ISO/IEC 19086-2, Information technology - Cloud computing - Service Level Agreement (SLA) framework and terminology - Part 2: Metrics [by ISO/IEC JTC 1/SC38]
  • ISO/IEC 19086-3, Information technology - Cloud computing - Service Level Agreement (SLA) framework and terminology - Part 3: Core requirements [by ISO/IEC JTC 1/SC38]

 

Finally, there are several potential projects that are in various stages of getting started, including:

 

  • New Work Item Proposal (NWIP): Information technology - Cloud computing - Data Flow and their Flow Across Devices and Cloud Services [by ISO/IEC JTC 1/SC38]
  • New Work Item Proposal (NWIP): Information technology - Cloud computing - Interoperability and Portability [by ISO/IEC JTC 1/SC38]
  • Study Period: Cloud Adapted Risk Management Framework [by ISO/IEC JTC 1/SC27]
  • Study Period: Cloud Security Assessment and Audit [by ISO/IEC JTC 1/SC27]
  • Study Period: Cloud Security Components [by ISO/IEC JTC 1/SC27]
