ISO/IEC 27017 — Information technology — Security techniques — Security in cloud computing (DRAFT)
This standard will provide guidance on the information security elements/aspects of cloud computing. It will be accompanied by ISO/IEC 27018 covering the privacy aspects of cloud computing.
The standard will recommend, in addition to the information security controls recommended in ISO/IEC 27002, cloud-specific security controls.
The project has widespread support from national bodies plus the Cloud Security Alliance.
Scope and purpose
The standard is expected to be a guideline or code of practice recommending relevant information security controls for cloud computing.
The decision to progress a cloud privacy standard in parallel naturally implies that this standard will exclude privacy and the protection of personal data.
Latest available status info
The standard will build on the new version of ISO/IEC 27002 that is currently being revised.
The 2nd WD is more than 200 pages long, mostly comprising the current working text of ISO/IEC 27002 with changes/additions to suit the cloud computing context.
Note: SC27 decided NOT to progress a separate cloud security management system specification standard, judging that ISO/IEC 27001 is sufficient. Therefore, there are no plans to certify the security of cloud suppliers specifically.