Cloud Computing. The National Institute for Standards and Technology defines cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. For more information see NIST Special Publication 800-145. Cloud Service Provider (CSP): A company or institution that offers some component of cloud computing to other businesses or individual, typically Infrastructure as a Service (IaaS), Software as a Service (SaaS) or Platform as a Service (PaaS), as defined by the National Institute of Standards and Technology. For more information see NIST Special Publication 800-145. Data Access Request (DAR): A request submitted to a Data Access Committee for a specific “consent group” specifying the data to which access is sought, the planned research use, and the names of collaborators and the IT Director. The DAR is signed by the PI requesting the data and her/his Institutional Signing Official. Requester Collaborators and project team members on a request must be from the same organization.
Cloud Computing. The following is an excerpt from the most recent NIST guidance:
Cloud Computing. The term refers to Internet-based computing derived from the cloud drawing representing the Internet in computer network diagrams. Cloud computing providers deliver on-line and on-demand Internet services. Cloud Services normally use a browser or Web Server to deliver and store information. Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.
Cloud Computing. Service Providers may provide cloud computing solutions for IT Disaster Recovery. Solutions proposed shall adhere to the terms and standards of this solicitation and must include the following: A complete description of the solution(s) provided Security measures provided to protect data Meet the Standards and Policies included in 6.2.15 and 6.2.16
Cloud Computing. The National Institute for Standards and Technology defines cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. For more information see NIST Special Publication 800-145. Cloud Service Provider (CSP): A company or institution that offers some component of cloud computing to other businesses or individual, typically Infrastructure as a Service (IaaS), Software as a Service (SaaS) or Platform as a Service (PaaS), as defined by the National Institute of Standards and Technology. For more information see NIST Special Publication 800-145.
Cloud Computing. Seller shall complete Buyer’s Third-Party Risk Assessment if providing Cloud Computing services and provide evidence of any third-party audits or certifications relating to cyber security implementation. Seller shall meet or exceed the security standards established by the Government for the Federal Risk and Authorization Management Program (FedRAMP) Moderate baseline. Seller shall retain Subcontract Data within the United States at all times, to include data backups, unless the Seller receives written notification from Buyer to use another location. Seller shall certify to Buyer in writing its compliance with this requirement.
Cloud Computing. 2.1 If using a multi-tenanted Cloud Computing service, the following requirements apply:
a. Cloud computing providers must be listed on the Australian Signals Directorate’s (ASD) Certified Cloud Services List, and a copy of the cloud service provider’s Certification Report must be provided to the department.
b. All data must remain onshore, within Australian jurisdiction.
Cloud Computing. 9.1 If using a multi-tenanted cloud computing service, you must abide by the requirements set out in:
Cloud Computing. New Paradigm of Utility Computing.
Cloud Computing. Covered Entity bases the decision of whether a service is considered a cloud based technology on several factors including the five essential characteristics defined by the National Institute of Standards and Technology (NIST), Note that the absence of one or more of these characteristics is not viewed as a final deciding factor when determining if a service is Cloud based. Cloud Computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.
11.1 The use of a multi-tenant environment is prohibited for hosting Confidential Information, unless a risk assessment has been performed and the appropriate Covered Entity Information Security approved risk mitigating controls are in place.
11.2 Logical controls, virtual machine zoning, virtualization security and segregation must be in place to help prevent attacks and exposure in multi-tenancy environments.
11.3 Covered Entity Confidential Information must be segregated from non-Covered Entity Information so that appropriate controls are in place to identify the data as Covered Entity’s in all instances, including backup and removable media, and to appropriately restrict access to only users authorized to view the data. Logical separation must allow data to be deleted when it is no longer required
11.4 Covered Entity Confidential Information included in a cloud computing-based environment must be protected with Covered Entity Approved Cryptographic Controls in transit, storage, and at rest. Appropriate Encryption key management must also be provided.
11.5 All Covered Entity data hosted in a cloud environment must remain on US-based systems and may not be stored outside of the United States.
11.6 The Cloud Service Provider (CSP) must provide a detailed mechanism for how litigation holds will be implemented. This will include how metadata will be created, accessed, and stored in the cloud environment.
11.7 Cloud Service Providers must undergo an annual independent audit by an accredited auditing firm covering the scope of Covered Entity data. Results of this audit must be provided to Covered Entity along with associated remediation decisions and activities, if applicable.
11.8 In the event Cloud Service Provider is not able to continue providing Services, then arrangements will be made for Covered Entity to receive its Confidential Inform...
