SP 800 63-3 Comment 5 #1

@TLSrUS

Org
USAF AFLCMC/HNCEI

Section
2.2

Comment
These guidelines do not address cloud with respect to possible considerations for authenticating to cloud services from outside or from within cloud boundaries.

Rationale
Such guidance is needed as assets increasingly are moving to cloud hosted environments. Current cloud security guidance is notably missing when it comes to authentication to numerous cloud services where multiple identities are involved.

Suggested Change
Incorporate language that addresses Cloud Computing Reference Architecture (ISO/IEC 17788 and 17789) terms and concepts such as cloud service customer, partner, and provider, and how authentication will take place as a security service supporting these roles.

Resolution
Modify

Explanation
With IAL, AAL, FAL, does a cloud computing environment matter? Is there anything in cloud computing ref arch that can't be traced to existing document? How would we map NIST 800-63-3 terminology to cloud computing use cases? Is this obvious? Would we need to? Nate will look into it.
