NIST Special Publication 800-145, "The NIST Definition of Cloud Computing," provides a comprehensive framework for understanding and defining cloud computing. It serves as a valuable resource for organizations navigating the cloud landscape.
Definition and purpose
The primary purpose of NIST SP 800-145 is to establish a clear and standardized definition of cloud computing. It outlines essential characteristics, service models (Software as a Service, Platform as a Service, Infrastructure as a Service), and deployment models (Public Cloud, Private Cloud, Hybrid Cloud) to facilitate broad comparisons of cloud services and deployment strategies as well as discussions from what is cloud computing to how to best use cloud computing.
The National Institute of Standards and Technology (NIST) is the governing body responsible for the 800 series of publications, including NIST 800-145.
NIST 800-145 was published in September 2011. There have been no major updates since.
The intended audience of NIST SP 800-145 is cloud service providers as well as system planners, program managers, technologists, and others adopting cloud computing as consumers.
Controls and requirements
NIST SP 800-145 doesn't provide specific controls or requirements in the way that some other NIST publications do. Instead, it focuses on defining key concepts related to cloud computing, including the five essential characteristics, three service models, and four deployment models.
Audit type, frequency, and duration
Since NIST 800-145 is a definition of cloud computing and not a compliance standard, it does not dictate specific audit types, frequencies, or durations.