- NIST Special Publication 500-293: US Government Cloud Computing Technology Roadmap
- Vol. I, Rel. 1.0 (Draft) (High-Priority Requirements to Further USG Agency Cloud Computing Adoption) (Dec. 1, 2011) (full-text)
- Vol. II Rel. 1.0 (Draft) (Useful Information for Cloud Adopters) (Dec. 1, 2011) (full-text).
- Vol. III (First Working Draft) (Technical Considerations for USG Cloud Computer Deployment Decisions) (Nov. 3, 2011) (full-text).
Volume I Edit
Volume I is aimed at interested parties who wish to gain a general understanding and overview of the background, purpose, context, work, results, and next steps of the U.S. Government Cloud Computing Technology Roadmap initiative. It frames the discussion and introduces the roadmap in terms of:
- Prioritized strategic and tactical requirements that must be met for USG agencies to further cloud adoption;
- Interoperability, portability, and security standards, guidelines, and technology that must be in place to satisfy these requirements; and
- Recommended list of Priority Action Plans (PAPs) as candidates for development and implementation, through voluntary self-tasking by the cloud computing stakeholder community, to support standards, guidelines, and technology development.
Volume I reflects the collective inputs of USG agencies through the Federal CIO Council-sponsored Cloud Computing Standards and Technology Working Group.
Volume II Edit
Volume II is designed to be a technical reference for those actively working on strategic and tactical cloud computing initiatives, including, but not limited to, U.S. government cloud adopters. Volume II integrates and summarizes the work completed to date, and explains how these findings support the roadmap introduced in Volume I.
- Introduces a conceptual model, the NIST Cloud Computing Reference Architecture and Taxonomy;
- Presents USG target business use cases and technical use cases in the cloud;
- Identifies existing interoperability, portability, and security standards that are applicable to the cloud computing model and specifies high-priority gaps for which new or revised standards, guidance, and technology need to be developed;
- Discusses security challenges in the context of cloud computing adoption, high-priority security requirements, and current and future risk mitigation measures requirements; and
- Provides insight into the rationale for the list of candidate Priority Action Plans (PAPs) recommended for voluntary self-tasking by government and private sector organizations, listed in Volume I.
Volume III Edit
Volume III focuses on the tactical aspects of applying the technical work completed as part of the effort and presents a strawman methodology to do so. Volume III is designed to serve as a guide for decision makers who are planning and implementing cloud computing solutions, in the form of explaining how the technical work and resources in NIST's work can be applied, consistent with the Federal Cloud Computing Strategy "Decision Framework for Cloud Migration."
Volume III presents the methodology and walks through a representative sample of common cloud computing planning and deployment scenarios. The expectation is that the methodology will be refined in phase 2 of the NIST Cloud Computing program, and applied to the remainder of the 12 exemplar use cases, leveraging public working groups and the Federal Cloud Computing Standards and Technology working group. Volume III also provides several "pointers and tips" to assist the IT decision makers and engineers.
Volume III aims to evolve as a useful technical guidance tool. The intent is to support a consistent logical cookbook-like approach that can be applied by USG agencies and others in the technical journey from concept to deployment. Volume III is intended to assist the IT decision makers in identifying relevant NIST Cloud Computing publications for a given cloud scenario. The goal is to provide a technical reference for those who are trying to define a "to-do list" of questions to be answered, important specifications/standards to be considered and selected, and cloud characteristics to be enumerated, relevant to a given Cloud Computing use-case. It also provides a long term vision for Cloud Interoperability.