SP 800-209 (Draft) "Security Guidelines for Storage Infrastructure"
The public comment period for this document is open through August 31st, 2020.
Excerpt from NIST
Storage infrastructure, along with compute (encompassing OS and host hardware) and network infrastructures, is one of the three fundamental pillars of Information Technology (IT). However, compared to its counterparts, it has received relatively limited attention when it comes to security, even though data compromise can have as much negative impact on an enterprise as security breaches in compute and network infrastructures.
In order to address this gap, NIST is releasing Draft Special Publication (SP) 800-209, Security Guidelines for Storage Infrastructure, which includes comprehensive security recommendations for storage infrastructures. The security focus areas covered in this document not only span those that are common to the entire IT infrastructure (such as physical security, authentication and authorization, change management, configuration control, and incident response and recovery) but also those that are specific to storage infrastructure, such as data protection, isolation, restoration assurance, and data encryption.
The public comment period for this document is open through August 31, 2020. See the publication details for a copy of the document and instructions for submitting comments.
NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
Publication details:
https://csrc.nist.gov/publications/detail/sp/800-209/draft
Public comment period: July 21, 2020 through August 31, 2020
Questions/Comments on Draft SP 800-209? Send email to: [email protected]
Table of Contents
Executive Summary
1 - Introduction
1.1 Scope
1.2 Target Audience
1.3 Relationship to other NIST Guidance Documents
1.4 Organization of this Document
2 - Data Storage Technologies: Background
2.1 Block Storage Service
2.2 File Storage Service
2.3 Object Storage Service
2.4 Content-addressable Storage (CAS) Service
2.5 Higher-level Data Access Service
2.6 Software-defined Storage
2.7 Storage Virtualization
2.8 Storage for Virtualized Servers
2.9 Converged and Hyper-Converged Storage
2.10 Storage Infrastructure in Cloud
2.11 Storage Management
3 - Threats, Risks, and Attack Surfaces
3.1 Threats
3.2 Risks to Storage Infrastructure
3.3 Attack Surfaces
4 - Security Guidelines for Storage Deployments
4.1 Physical Storage Security
4.2 Data Protection
4.3 Authentication and Data Access Control
4.4 Audit Logging
4.5 Preparation for Data Incident Response and Cyber Recovery
4.6 Guidelines for Network Configuration
4.7 Isolation
4.8 Restoration Assurance
4.9 Encryption
4.10 Administrative Access
4.11 Configuration Management
5 - Summary and Conclusions
6 - References
------------------------------
Olivier Caleff - CSA French Chapter - Chapter Leader -
[email protected] -
https://CloudSecurityAlliance.fr
------------------------------