The purpose of this document is to provide an overview of the high-priority security and privacy challenges perceived by Federal agencies as impediments to the adoption of the cloud computing. The document provides description of existing mitigations, or if no mitigations were identified, descriptions of ongoing efforts that could lead to mitigations. In the cases where no ongoing efforts were identified, the document makes recommendations for mitigation.
This document is not intended to be a comprehensive, exhaustive list of the highest risks to federal data in a cloud environment. It is instead a practical look at the concerns expressed by federal managers and documented by a number of sources within government and private industry. The identified priorities in this document are grouped into two categories:
- Process Oriented Security Requirements, and
- Focused Technical Security Requirements.