美国国家标准技术研究所（NIST）正在呼吁机构带头解决公共云计算相关的安全和隐私挑战问题。

NIST的公共云计算安全和隐私准则并没有提议任何特定的云计算服务或部署方法，但列出了几条机构在考虑云服务时应该遵循的准则。

NIST要求机构在利用云时计划和考虑安全方面的问题，并要求机构确保云解决方案能满足其需求。

该文件还建议机构建立强有力的合同义务，并保留顶级机构的需求以及是否供应商能满足这些需求。NIST告诉机构他们负责实施和部署在公共云计算环境下的安全数据和应用。

“组织应为每一级组织收集和分析系统定期状态相关的可用数据，并经常管理安全和隐私风险。”NIST表示。

The National Institute of Standards and Technologies is calling on agencies to take the lead in addressing security and privacy challenges relating to public cloud computing.

NIST’s Guidelines on Security and Privacy in Public Cloud Computing do not suggest any specific service or deployment method for cloud computing, but lists several guidelines agencies should follow when considering their cloud services.

NIST asked agencies to plan and consider the security aspects of utilizing the cloud and said agencies should ensure cloud solutions fulfill the agency’s requirements.

The document also suggests agencies establish strong contractual obligations and stay on top of agency need and whether the provider is meeting those needs. NIST told agencies they are responsible for securing data and applications implemented and deployed in public cloud computing environments.

“The organization should collect and analyze available data about the state of the system regularly and as often as needed to manage security and privacy risks, as appropriate for each level of the organization,” NIST said.