Research on Security Policies of U.S Government Cloud

doi:10.3969/j.issn.1671-1122.2015.09.057

Abstract

Abstract:

Recently, E-government cloud construction is carried out by governments. In this paper, the development of U.S government cloud is introduced, and the cloud security strategies adopted by U.S. government and mainstream cloud providers are deeply analysis. Based on the requirements of compliance and the development trend of security technology and security management in cloud, some considerations on our government cloud security strategies are proposed.

Key words: government cloud, security, FedRAMP, NIST cloud computing security reference architecture

CLC Number:

TP309

Ru-hui ZHANG, Chun-mei GUO, Xue-yao BI. Research on Security Policies of U.S Government Cloud[J]. Netinfo Security, 2015, 15(9): 257-261.

Figures/Tables 4

References 15

[1]	Vivek Kundra. A25-Point Implementation Plan to Reform Federal IT Management [EB/OL]. https://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/25-point-implementation-plan-to-reform-federal-it.pdf, 2010/2015-6-16.
[2]	Vivek Kundra. Federal Cloud Computing Strategy [EB/OL]. https://www.dhs.gov/sites/default/files/publications/digital-strategy/federal-cloud-computing-strategy.pdf, 2011/2015-6-16.
[3]	GAO. CLOUD COMPUTING Additional Opportunities and Savings Need to Be Pursued [EB/OL]. .
[4]	侯俐至,崔毅东. 基于Cloud Foundry的云计算PaaS平台拓扑展示设计与实现[J]. 信息网络安全,2014,(8):55-60.
[5]	IDC. Technology Selection: Government Cloud Spending by U.S. Federal Agency - Growth and Slight Contraction [EB/OL]. .
[6]	章恒,禄凯. 构建云计算环境的安全检查与评估指标体系[J]. 信息网络安全,2014,(9):115-119.
[7]	NIST. NIST Special Publication 500-299 NIST Cloud Computing Security Reference Architecture [EB/OL]. .
[8]	王威,吴羽翔,金鑫,等. 基于可信第三方的公有云平台的数据安全存储方案[J]. 信息网络安全,2014,(2):68-74.
[9]	IDC. IDC MarketScape: U.S. Government Private Cloud IaaS 2014 Vendor Assessment [EB/OL]. .
[10]	AWS. Amazon Web Services: Overview of Security Processes [EB/OL]. https://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf, 2014/2015-6-16.
[11]	IBM. Safeguarding the cloud with IBM Dynamic Cloud Security [EB/OL]. .
[12]	秦志光,吴世坤,熊虎. 云存储服务中数据完整性审计方案综述[J]. 信息网络安全,2014,(7):1-6.
[13]	GB/T 31167-2014,信息安全技术云计算服务安全指南[S].
[14]	GB/T 31168-2014,信息安全技术云计算服务安全能力要求[S].
[15]	刘占斌,刘虹,火一莽. 云计算中基于密文策略属性基加密的数据访问控制协议[J]. 信息网络安全,2014,(7):57-60.