NIST 800-145

NIST Special Publication 800-145, "The NIST Definition of Cloud Computing," provides a comprehensive framework for understanding and defining cloud computing. It serves as a valuable resource for organizations navigating the cloud landscape.

Definition and purpose

The primary purpose of NIST SP 800-145 is to establish a clear and standardized definition of cloud computing. It outlines essential characteristics, service models (Software as a Service, Platform as a Service, Infrastructure as a Service), and deployment models (Public Cloud, Private Cloud, Hybrid Cloud) to facilitate broad comparisons of cloud services and deployment strategies as well as discussions from what is cloud computing to how to best use cloud computing.

Governing Body

The National Institute of Standards and Technology (NIST) is the governing body responsible for the 800 series of publications, including NIST 800-145.

Last updated

NIST 800-145 was published in September 2011. There have been no major updates since.

Applies to

The intended audience of NIST SP 800-145 is cloud service providers as well as system planners, program managers, technologists, and others adopting cloud computing as consumers.

Controls and requirements

NIST SP 800-145 doesn't provide specific controls or requirements in the way that some other NIST publications do. Instead, it focuses on defining key concepts related to cloud computing, including the five essential characteristics, three service models, and four deployment models.

Audit type, frequency, and duration

Since NIST 800-145 is a definition of cloud computing and not a compliance standard, it does not dictate specific audit types, frequencies, or durations.

Get compliant using Secureframe Custom Frameworks