Special Publication 500-293 (Draft)
US Government Cloud Computing Technology Roadmap Volume II Release 1.0 (Draft)
Useful Information for Cloud Adopters
Lee Badger, Robert Bohn, Shilong Chu, Mike Hogan, Fang Liu, Viktor Kaufmann, Jian Mao, John Messina, Kevin Mills, Annie Sokol, Jin Tong, Fred Whiteside and Dawn Leaf
NIST Cloud Computing Program Information Technology Laboratory
This page left intentionally blank
NIST Special Publication 500-293 (Draft)
US Government Cloud Computing Technology Roadmap Volume II Release 1.0 (Draft)
Useful Information for Cloud Adopters
Lee Badger, Robert Bohn, Shilong Chu, Mike Hogan, Fang Liu, Viktor Kaufmann, Jian Mao, John Messina, Kevin Mills, Annie Sokol, Jin Tong, Fred Whiteside and Dawn Leaf
Information Technology Laboratory
Cloud Computing Program Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899
November 2011
U.S. Department of Commerce
John E. Bryson, Secretary
National Institute of Standards and Technology
Patrick D. Gallagher, Under Secretary for Standards and Technology and Director
NIST SP 500-293 NIST US Government Cloud Computing Technology Roadmap, Release 1.0 (Draft)
NIST US Government Cloud Computing Technology Roadmap, Volume II, Release 1.0 (Draft) November 2011
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. This Special Publication 500-series reports on ITL’s research, guidance, and outreach efforts in Information Technology and its collaborative activities with industry, government, and academic organizations.
National Institute of Standards and Technology Special Publication 500-293 (Draft) Natl. Inst. Stand. Technol. Spec. Publ. 500-293, 85 pages (November 2011)
Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.
NIST US Government Cloud Computing Technology Roadmap, Volume II, Release 1.0 (Draft) November 2011
Acknowledgments
The authors, Shilong Chu, Fang Liu, Viktor Kaufmann, Jian Mao, and Jin Tong, of Knowcean Consulting Incorporated (under contract through the Federal Integrated Product Team, Space & Naval Warfare (SPAWAR) Systems Center Atlantic, Lee Badger, Robert Bohn, Mike Hogan, John Messina, Kevin Mills, Annie Sokol, Fred Whiteside and .
NIST Special Publication 500-293: US Government Cloud Computing Technology R...David Sweigert
This document presents the US Government Cloud Computing Technology Roadmap. It identifies 10 high-priority requirements that must be met for US government agencies to further adopt cloud computing. These requirements relate to standards, security, interoperability, portability, and other areas. The roadmap is intended to define and communicate what is needed to advance cloud computing technology and adoption. It incorporates input from public workshops, working groups, and comments. The overall goal is to help accelerate secure and effective cloud adoption within the US government.
NIST Cloud Computing
Reference Architecture
Recommendations of the National
Institute of Standards and
Technology
Fang Liu, Jin Tong, Jian Mao, Robert Bohn,
John Messina, Lee Badger and Dawn Leaf
Special Publication 500-292
i
NIST Special Publication 500-292
NIST Cloud Computing Reference
Architecture
Recommendations of the National
Institute of Standards and Technology
Fang Liu, Jin Tong, Jian Mao, Robert
Bohn, John Messina, Lee Badger and
Dawn Leaf
Information Techonology Laboratory
Cloud Computing Program
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930
September 2011
U.S. Department of Commerce
Rebecca M. Blank, Acting Secretary
National Institute of Standards and Technology
Patrick D. Gallagher, Under Secretary for Standards
and Technology and Director
NIST SP 500-292 NIST Cloud Computing Reference Architecture
ii
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology
(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation‟s
measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of
concept implementations, and technical analysis to advance the development and productive use of
information technology. ITL‟s responsibilities include the development of technical, physical,
administrative, and management standards and guidelines for the cost-effective security and privacy of
sensitive unclassified information in Federal computer systems. This Special Publication 800-series
reports on ITL‟s research, guidance, and outreach efforts in computer security and its collaborative
activities with industry, government, and academic organizations.
Certain commercial entities, equipment, or materials may be identified in this
document in order to describe an experimental procedure or concept adequately.
Such identification is not intended to imply recommendation or endorsement by the
National Institute of Standards and Technology, nor is it intended to imply that the
entities, materials, or equipment are necessarily the best available for the purpose.
National Institute of Standards and Technology Special Publication 500-292
Natl. Inst. Stand. Technol. Spec. Publ. 500-292, 35 pages (September 2011)
NIST SP 500-292 NIST Cloud Computing Reference Architecture
iii
Acknowledgments
The authors, Fang Liu, Jin Tong, Jian Mao of Knowcean Consulting Inc. (services acquired via US
NAVY SPAWAR contract), Robert Bohn, John Messina, Lee Badger, Dawn Leaf of the National
Institute of Standards and Technology (NIST), wish to thank their colleagues who reviewed drafts of this
document and contributed to its technical content. The authors gratefully acknowledge and appreciate the
broad.
«Руководство по безопасности и защите персональных данных при использовании п...Victor Gridnev
«Руководство по безопасности и защите персональных данных при использовании публичных систем облачных вычислений» (от National Institute of Standards and Technology)
This document is the second edition of the NIST Cloud Computing Standards Roadmap, which was developed by the NIST Cloud Computing Standards Roadmap Working Group. It provides an overview of cloud computing standards for interoperability, performance, portability, security, and accessibility. The document identifies current standards, standards gaps, and prioritization of future standardization needs based on typical government use cases. The goal is to help federal agencies and other stakeholders accelerate secure adoption of cloud computing through alignment with voluntary consensus standards and related conformity assessment activities.
This document summarizes an archived NIST technical publication on creating a patch and vulnerability management program from 2005. The publication has since been superseded by NIST Special Publication 800-40 Revision 3 from 2013.
The original 2005 publication provided guidance on establishing patch management programs and addressing legacy system needs. It covered topics such as developing a patch and vulnerability management process, creating a system inventory, monitoring for vulnerabilities and patches, prioritizing patch deployment, testing patches, and verifying systems have been patched.
The 2005 document was archived and superseded by the 2013 revision, which provides updated guidance for enterprise patch management technologies. The revision reflects the evolution of patching solutions and approaches over the intervening years.
Guidelines on Security and Privacy in Public Cloud ComputingDavid Sweigert
Uploaded as a courtesy by:
Dave Sweigert
CEH, CISA, CISSP, HCISPP, PCIP, PMP, SEC+
Abstract
Cloud computing can and does mean different things to different people. The common characteristics most interpretations share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and displacement of data and services from inside to outside the organization. While aspects of these characteristics have been realized to a certain extent, cloud computing remains a work in progress. This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment.
Citation: Special Publication (NIST SP) - 800-144
This document proposes five core primitives that are building blocks for Networks of 'Things' (NoTs), including the Internet of Things (IoT):
1) Sensors - which measure physical properties and output data
2) Aggregators - which collect and process data from multiple sensors
3) Communication channels - which allow for data transfer between primitives
4) External utilities (eUtilities) - which are entities outside the NoT that can input or output data
5) Decision triggers - which initiate actions based on aggregated data
These primitives provide a framework for analyzing reliability, security, and trust in NoTs.
NIST 800-125 a DRAFT (HyperVisor Security)David Sweigert
This document provides security recommendations for hypervisor deployment. It discusses architectural choices for hypervisors, including whether the hypervisor is installed on bare metal or another OS, and whether it uses hardware or software for virtualization support. It also covers potential threats related to the hypervisor's baseline functions, such as execution isolation for VMs and device emulation. The document then provides security recommendations based on these architectural choices and hypervisor functions. It focuses recommendations on device emulation and access control, as well as VM management functions like memory and CPU allocation, image management, and security monitoring of VMs.
NIST Special Publication 500-293: US Government Cloud Computing Technology R...David Sweigert
This document presents the US Government Cloud Computing Technology Roadmap. It identifies 10 high-priority requirements that must be met for US government agencies to further adopt cloud computing. These requirements relate to standards, security, interoperability, portability, and other areas. The roadmap is intended to define and communicate what is needed to advance cloud computing technology and adoption. It incorporates input from public workshops, working groups, and comments. The overall goal is to help accelerate secure and effective cloud adoption within the US government.
NIST Cloud Computing
Reference Architecture
Recommendations of the National
Institute of Standards and
Technology
Fang Liu, Jin Tong, Jian Mao, Robert Bohn,
John Messina, Lee Badger and Dawn Leaf
Special Publication 500-292
i
NIST Special Publication 500-292
NIST Cloud Computing Reference
Architecture
Recommendations of the National
Institute of Standards and Technology
Fang Liu, Jin Tong, Jian Mao, Robert
Bohn, John Messina, Lee Badger and
Dawn Leaf
Information Techonology Laboratory
Cloud Computing Program
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930
September 2011
U.S. Department of Commerce
Rebecca M. Blank, Acting Secretary
National Institute of Standards and Technology
Patrick D. Gallagher, Under Secretary for Standards
and Technology and Director
NIST SP 500-292 NIST Cloud Computing Reference Architecture
ii
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology
(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation‟s
measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of
concept implementations, and technical analysis to advance the development and productive use of
information technology. ITL‟s responsibilities include the development of technical, physical,
administrative, and management standards and guidelines for the cost-effective security and privacy of
sensitive unclassified information in Federal computer systems. This Special Publication 800-series
reports on ITL‟s research, guidance, and outreach efforts in computer security and its collaborative
activities with industry, government, and academic organizations.
Certain commercial entities, equipment, or materials may be identified in this
document in order to describe an experimental procedure or concept adequately.
Such identification is not intended to imply recommendation or endorsement by the
National Institute of Standards and Technology, nor is it intended to imply that the
entities, materials, or equipment are necessarily the best available for the purpose.
National Institute of Standards and Technology Special Publication 500-292
Natl. Inst. Stand. Technol. Spec. Publ. 500-292, 35 pages (September 2011)
NIST SP 500-292 NIST Cloud Computing Reference Architecture
iii
Acknowledgments
The authors, Fang Liu, Jin Tong, Jian Mao of Knowcean Consulting Inc. (services acquired via US
NAVY SPAWAR contract), Robert Bohn, John Messina, Lee Badger, Dawn Leaf of the National
Institute of Standards and Technology (NIST), wish to thank their colleagues who reviewed drafts of this
document and contributed to its technical content. The authors gratefully acknowledge and appreciate the
broad.
«Руководство по безопасности и защите персональных данных при использовании п...Victor Gridnev
«Руководство по безопасности и защите персональных данных при использовании публичных систем облачных вычислений» (от National Institute of Standards and Technology)
This document is the second edition of the NIST Cloud Computing Standards Roadmap, which was developed by the NIST Cloud Computing Standards Roadmap Working Group. It provides an overview of cloud computing standards for interoperability, performance, portability, security, and accessibility. The document identifies current standards, standards gaps, and prioritization of future standardization needs based on typical government use cases. The goal is to help federal agencies and other stakeholders accelerate secure adoption of cloud computing through alignment with voluntary consensus standards and related conformity assessment activities.
This document summarizes an archived NIST technical publication on creating a patch and vulnerability management program from 2005. The publication has since been superseded by NIST Special Publication 800-40 Revision 3 from 2013.
The original 2005 publication provided guidance on establishing patch management programs and addressing legacy system needs. It covered topics such as developing a patch and vulnerability management process, creating a system inventory, monitoring for vulnerabilities and patches, prioritizing patch deployment, testing patches, and verifying systems have been patched.
The 2005 document was archived and superseded by the 2013 revision, which provides updated guidance for enterprise patch management technologies. The revision reflects the evolution of patching solutions and approaches over the intervening years.
Guidelines on Security and Privacy in Public Cloud ComputingDavid Sweigert
Uploaded as a courtesy by:
Dave Sweigert
CEH, CISA, CISSP, HCISPP, PCIP, PMP, SEC+
Abstract
Cloud computing can and does mean different things to different people. The common characteristics most interpretations share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and displacement of data and services from inside to outside the organization. While aspects of these characteristics have been realized to a certain extent, cloud computing remains a work in progress. This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment.
Citation: Special Publication (NIST SP) - 800-144
This document proposes five core primitives that are building blocks for Networks of 'Things' (NoTs), including the Internet of Things (IoT):
1) Sensors - which measure physical properties and output data
2) Aggregators - which collect and process data from multiple sensors
3) Communication channels - which allow for data transfer between primitives
4) External utilities (eUtilities) - which are entities outside the NoT that can input or output data
5) Decision triggers - which initiate actions based on aggregated data
These primitives provide a framework for analyzing reliability, security, and trust in NoTs.
NIST 800-125 a DRAFT (HyperVisor Security)David Sweigert
This document provides security recommendations for hypervisor deployment. It discusses architectural choices for hypervisors, including whether the hypervisor is installed on bare metal or another OS, and whether it uses hardware or software for virtualization support. It also covers potential threats related to the hypervisor's baseline functions, such as execution isolation for VMs and device emulation. The document then provides security recommendations based on these architectural choices and hypervisor functions. It focuses recommendations on device emulation and access control, as well as VM management functions like memory and CPU allocation, image management, and security monitoring of VMs.
This document provides guidelines for securing public web servers. It discusses planning and managing web servers, securing the web server operating system and web server software, securing web content, using authentication and encryption technologies, implementing a secure network infrastructure, and administering the web server. The document contains background information, checklists, and recommendations to help organizations securely deploy and manage their web servers and protect against common security threats.
SAJACC Working Group Recommendations to NIST, Feb. 12 2013Alan Sill
The NIST Cloud Computing “Standards Acceleration to Jumpstart Adoption of Cloud Computing” (SAJACC) Working Group pursued a strategic process to facilitate development of testing methodologies applicable to cloud computing products and standards. The purpose of this process was to create formal US Government (USG)-based use cases and validation mechanisms that would ensure identification of the detailed capabilities of cloud computing products and standards in terms of their ability to support the US Government’s “Cloud First” information technology strategy, and to test cloud computing products and standards against these use cases.
The SAJAAC process was designed to incorporate the output of other NIST Cloud Computing working groups where possible, especially that of the Business Use Case Working Group, and to identify specific features that reflect USG priorities for cloud computing, which include aspects related to security, interoperability and portability. Future work is anticipated to extend the SAJACC framework to features that touch on other recently identified priorities, including aspects of accessibility and performance. By constantly integrating such aspects identified by other related NIST Cloud Computing topical work, the NIST SAJAAC process is designed to produce a validation process that will help support a sustainable, secure USG cloud infrastructure.
This working group report captures the results of this process to date and makes the following conclusions and recommendations to NIST to proceed from Phase I to future Phase II work of the SAJACC group:
1. Replace the SAJACC use case internal organization with one based on the current structure of the NIST Cloud Computing Reference Architecture and Taxonomy;
2. Add further use cases based on current extensions to this taxonomy for recently developed Cloud SLA Metrics and NIST Cloud Computing Security components;
3. Integrate further input as necessary from the NIST Business Use Case and Standards Roadmap groups, and work closely with these groups to identify additional use cases;
4. Study and adopt use case template elements from the US VA Bronze, Silver and Gold Use Cases and from additional formal input from US Government agencies;
5. Add automation and tooling, if possible, to the NIST web site to support community downloading of the NIST SAJACC use cases and their associated templates for testing scenarios and uploading of externally produced test results;
6. Conduct, invite and document additional use case demonstrations of cloud standards and applicable products against the SAJACC use cases to illustrate their features;
7. Solicit and add further recommendations from the community at large through meetings of the SAJACC working group.
This report therefore comprises the conclusion of Phase I of the SAJACC process to date, and the plan for initiation of Phase II with the goal to implement the above recommendations.
Guidelines on Securing Public Web Serverswebhostingguy
This document provides guidelines for securing public web servers. It discusses planning web server deployment and security management. It recommends securing the web server operating system, web server software, and network infrastructure. It also covers securing web content, using authentication and encryption, administering the web server through logging, backups and security testing. The goal is to help organizations securely install, configure and maintain public web servers.
NIST SP 800 1500-7 Working group on Big Data -- Interoperability StandardsDavid Sweigert
This document summarizes and analyzes standards related to big data as part of the NIST Big Data Interoperability Framework. It was created by the National Institute of Standards and Technology's (NIST) Big Data Public Working Group, which aims to develop consensus on fundamental big data concepts. The document provides overviews of the work in the first six volumes of the framework, investigates applicable standards, and outlines plans for future versions with additional standards analyses and recommendations. It seeks public feedback to improve the draft.
Sp800 55 Rev1 Performance Measurement Guide For Information SecurityJoao Couto
This document provides guidance on developing and implementing performance measures to assess the effectiveness of information security controls and programs. It describes a process for establishing measures that are quantifiable and can be used to track performance over time. The measures developed should indicate how well security policies are implemented, how efficiently security controls operate, and the impact of any security issues. This will help organizations comply with laws like FISMA and use security metrics to improve practices and allocate resources. The guidance can be applied at the individual system or enterprise program level.
This document defines cloud computing and its key characteristics. Cloud computing provides on-demand access to shared computing resources like networks, servers, storage, applications and services that can be quickly provisioned with minimal management effort. It has essential characteristics of on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. There are three service models - Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Four deployment models of public, private, community and hybrid clouds are also defined.
The National Science and Technology Council's Task Force on Identity Management was established to assess the current state of identity management (IdM) across the U.S. government and develop a vision for the future. The Task Force found that over 3,000 federal systems currently utilize personally identifiable information (PII) in an inconsistent and duplicative manner. The Task Force proposed a new framework that includes: 1) A "network of networks" to securely manage common PII elements across agencies; 2) Strong security, privacy and auditability standards; and 3) Ubiquitous yet controlled access to verified identity data. This proposed approach aims to improve accuracy, availability, privacy and coordination of IdM across the federal government.
Computer Security
Incident Handling Guide
Recommendations of the National Institute
of Standards and Technology
Paul Cichonski
Tom Millar
Tim Grance
Karen Scarfone
Special Publication 800-61
Revision 2
http://dx.doi.org/10.6028/NIST.SP.800-61r2
http://dx.doi.org/10.6028/NIST.SP.800-61r2
NIST Special Publication 800-61
Revision 2
Computer Security Incident Handling
Guide
Recommendations of the National
Institute of Standards and Technology
Paul Cichonski
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD
Tom Millar
United States Computer Emergency Readiness Team
National Cyber Security Division
Department of Homeland Security
Tim Grance
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD
Karen Scarfone
Scarfone Cybersecurity
C O M P U T E R S E C U R I T Y
August 2012
U.S. Department of Commerce
Rebecca Blank, Acting Secretary
National Institute of Standards and Technology
Patrick D. Gallagher,
Under Secretary of Commerce for Standards and Technology
and Director
karenw
Typewritten Text
http://dx.doi.org/10.6028/NIST.SP.800-61r2
COMPUTER SECURITY INCIDENT HANDLING GUIDE
ii
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology
(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s
measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of
concept implementations, and technical analyses to advance the development and productive use of
information technology. ITL’s responsibilities include the development of management, administrative,
technical, and physical standards and guidelines for the cost-effective security and privacy of other than
national security-related information in Federal information systems. The Special Publication 800-series
reports on ITL’s research, guidelines, and outreach efforts in information system security, and its
collaborative activities with industry, government, and academic organizations.
COMPUTER SECURITY INCIDENT HANDLING GUIDE
iii
Authority
This publication has been developed by NIST to further its statutory responsibilities under the Federal
Information Security Management Act (FISMA), Public Law (P.L.) 107-347. NIST is responsible for
developing information security standards and guidelines, including minimum requirements for Federal
information systems, but such standards and guidelines shall not apply to national security systems
without the express approval of appropriate Federal officials exercising policy authority over such
systems. This guideline is consistent with the requirements of the Office of Management and Bud ...
Assignment You will conduct a systems analysis project by .docxfestockton
Assignment:
You will conduct a systems analysis project by performing 3 phases of SDLC (planning, analysis and
design) for a small (real or imaginary) organization. The actual project implementation is not
required. You need to apply what you have learned in the class and to participate in the team
project work.
Deliverables
This project should follow the main steps of the first three phases of the SDLC (phase 1, 2 and 3).
Details description and diagrams should be included in each phase.
1- Planning:
Should cover the following:
• Project Initiation: How will it lowers costs or increase revenues?
• Project management: the project manager creates a work plan, staffs the project, and puts
techniques in place to help the project team control and direct the project through the
entire SDLC.
2- Analysis
Should cover the following:
• Analysis strategy: This is developed to guide the projects team’s efforts. This includes an
analysis of the current system.
• Requirements gathering: The analysis of this information leads to the development of a
concept for a new system. This concept is used to build a set of analysis models.
• System proposal: The proposal is presented to the project sponsor and other key
individuals who decide whether the project should continue to move forward.
3- Design
Should cover the following:
• Design Strategy: This clarifies whether the system will be developed by the company or
outside the company.
• Architecture Design: This describes the hardware, software, and network infrastructure that
will be used.
• Database and File Specifications: These documents define what and where the data will be
stored.
• Program Design: Defines what programs need to be written and what they will do.
The Course Presentations can be downloaded from here:
https://seu2020.com/wp-content/uploads/2019/09/Slides-IT243-Seu2020.com_.zip
In addition to the above please include
Points to be covered:
• Project Plan
• Staff Plan
• Cost
• Who will develop it? Self or vendor
• Project Methodology: need to consider the below factors when choosing a methodology
Clarity of User Requirements, Familiarity with Technology, System Complexity, System
Reliability, Short Time Schedules and Schedule Visibility
• Project timeline and timeframe.
• Risk Management
• Gantt Chart
• Project Requirements: Functional and Non-Functional
• Activity-Based Costing
• Outcome Analysis
• Technology Analysis
https://seu2020.com/wp-content/uploads/2019/09/Slides-IT243-Seu2020.com_.zip
• Include use cases
• Include Processing Model
• Data flow diagrams
• Relationship among Levels of DFDs
• Using the ERD to Show Business Rules
Please consider the slides as a reference of what topics to be covered for this assignment which falls
under the (planning, analysis and design) only.
Special Publication 800-86
Guide to Integrating Forensic
Techniques into Inciden ...
Organisering av digitale prosjekt: Hva har IT-bransjen lært om store prosjekter?Torgeir Dingsøyr
IT-bransjen har gjort store endringer i måten de gjennomfører prosjekter på gjennom bruk av smidige metoder. Disse metodene ble først brukt på små, samlokaliserte team men brukes nå også i store prosjekter med mange team og flere hundre utviklere. Hvordan jobber IT-bransjen for å sikre vellykkede store prosjekter?
Project Deliverable 2 Business Requirements1Project Deliverab.docxwkyra78
Project Deliverable 2: Business Requirements 1
Project Deliverable 2: Business Requirements 3
Project Deliverable 2: Business Requirements
Jessica Hill
Dr. Jan Felton
CIS 590: Directed Research Project
February 1, 2015
Table of Contents
1 Business Requirements……………………………………………………………….………3
1.1 Project Overview…………………………………………………………………….........3
1.2 Background including current process…………………………………………….3
1.3 Scope………………………………………………………………………………3
1.3.1 Scope of Project……………………………………………………….........4
1.3.2 Constraints and Assumptions……………………………………….............5
1.3.3. Risks…………………………………………………………………..........5
1.3.4. Scope Control ………………………………………………………………5
1.3.5. Relationship to Other Systems/Projects ……………………………………6
1.3.6. Definition of Terms (if applicable)………………………………………...6
1.1 Project Overview
This project is an information Technology project that was requested by WebFOCUS Company. The project is a development of a secure website that offers online advertisements, sharing, collection and storage of visual tools. The Website should be hosted in a cloud environment and should provide database functions for use in data warehousing
1.2 Background including current process
WebFOCUS was developed in order to generate profit through online advertisements as well as offshoring and outsourcing of business operations. Currently the business uses the relational database analysis. The company’s website in operated on both Windows and Mac OS X operating systems. In order to enhance virtualization, the company is seeking cloud computing services as well as data warehousing for data analysis purposes.
The project goals include;
a. Generation of profit through the charges on advertisement
b. Integration of database and operating systems in employee management.
c. Outsourcing work at a reduced cost (Olsen, 2006)
d. Developing a secure network infrastructure
e. The use of cloud computing to handle and share data
Tasks
a. Develop a website for advertisement
b. Install security measures
c. Integrate the website with cloud computing functionalities
d. Develop the outsourcing functionalities within the website
1.3 Scope
The scope of this project involves the determination and documentation of the project goals, deliverable, tasks, the cost and the deadlines.
1.3.1 Scope of the Project
Project Deliverables:
Scope Statement: This statement outlines the major activities to be carried out within the time allocated for the project. The scope statement’s goal is the financial analysis and financial documents regarding the operation of the project. The cost incurred and the revenue generated can be compared to observe the progress of the project.
Progress Reports: These include the process and the stages at which the project is undergoing. For the development of secure network infrastructure, the progress report deliverables would be network firewall types, authenticati ...
This document provides guidelines for establishing effective computer security incident response capabilities. It assists organizations in creating incident response teams and processes for efficiently handling incidents. The guidelines can be applied independent of specific hardware, software, protocols or applications. The document recommends establishing planning, preparation, detection and analysis, containment, eradication and recovery as key phases in the incident response process.
This document provides guidelines for establishing effective computer security incident response capabilities. It assists organizations in creating incident response teams and processes for efficiently handling incidents. The guidelines can be applied independently of specific hardware, software, protocols or applications. The document recommends establishing planning, preparation, detection and analysis, containment, eradication and recovery as key phases in the incident response process.
Computer Security
Incident Handling Guide
Recommendations of the National Institute
of Standards and Technology
Paul Cichonski
Tom Millar
Tim Grance
Karen Scarfone
Special Publication 800-61
Revision 2
karenw
Typewritten Text
http://dx.doi.org/10.6028/NIST.SP.800-61r2
NIST Special Publication 800-61
Revision 2
Computer Security Incident Handling
Guide
Recommendations of the National
Institute of Standards and Technology
Paul Cichonski
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD
Tom Millar
United States Computer Emergency Readiness Team
National Cyber Security Division
Department of Homeland Security
Tim Grance
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD
Karen Scarfone
Scarfone Cybersecurity
C O M P U T E R S E C U R I T Y
August 2012
U.S. Department of Commerce
Rebecca Blank, Acting Secretary
National Institute of Standards and Technology
Patrick D. Gallagher,
Under Secretary of Commerce for Standards and Technology
and Director
karenw
Typewritten Text
http://dx.doi.org/10.6028/NIST.SP.800-61r2
COMPUTER SECURITY INCIDENT HANDLING GUIDE
ii
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology
(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s
measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of
concept implementations, and technical analyses to advance the development and productive use of
information technology. ITL’s responsibilities include the development of management, administrative,
technical, and physical standards and guidelines for the cost-effective security and privacy of other than
national security-related information in Federal information systems. The Special Publication 800-series
reports on ITL’s research, guidelines, and outreach efforts in information system security, and its
collaborative activities with industry, government, and academic organizations.
COMPUTER SECURITY INCIDENT HANDLING GUIDE
iii
Authority
This publication has been developed by NIST to further its statutory responsibilities under the Federal
Information Security Management Act (FISMA), Public Law (P.L.) 107-347. NIST is responsible for
developing information security standards and guidelines, including minimum requirements for Federal
information systems, but such standards and guidelines shall not apply to national security systems
without the express approval of appropriate Federal officials exercising policy authority over such
systems. This guideline is consistent with the requirements of the Office of Management and Budget
(OMB) Ci.
This document summarizes the objectives and proceedings of the 2nd Effectsplus Cluster event held in Amsterdam on July 4-5, 2011. 22 research projects attended to discuss collaboration opportunities in two parallel workshops on systems/networks models and services/cloud trust and assurance. The event aimed to identify areas for collaboration, publicly available examples, and gaps for future research. Presentations were given on several projects to promote awareness, including the BIC project which coordinates international cooperation on trustworthy ICT between the EU and countries like Brazil, India and South Africa.
This document summarizes NIST Special Publication 800-53 Revision 4 which provides a catalog of security and privacy controls for federal information systems and organizations. It describes how organizations can select controls to protect operations, assets, individuals and organizations from threats. The controls are customizable and implemented as part of an organization-wide risk management process. It also describes how specialized control overlays can be developed for specific environments. Finally, it addresses both security functionality and assurance to ensure systems are sufficiently trustworthy.
Sample Cloud Application Security and Operations Policy [release]LinkedIn
This document provides a sample cloud applications security and operations policy to guide organizations in developing security policies for cloud applications. It includes sections on authentication and administration, auditing, business continuity, data security, communication security, vendor governance, and brand reputation. For each section, it outlines baseline requirements and additional requirements for applications handling data at different security levels (1-3), based on the potential impact of unauthorized access. The goal is to balance security and usability by applying more stringent requirements to higher risk or sensitive data.
This document is NIST Special Publication 800-53 Revision 4 which provides a catalog of security and privacy controls for federal information systems. It aims to protect operations, assets, individuals and organizations from threats. The controls are customizable and part of an organization-wide risk management process. It also describes developing specialized control overlays for specific environments. Finally, it addresses security from functionality and assurance perspectives to ensure systems are sufficiently trustworthy.
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...Great Wide Open
This document summarizes the cybersecurity research agenda of the U.S. Department of Homeland Security Science and Technology Directorate. It discusses how DHS is focusing on areas like critical infrastructure security, open source software, cyber-physical systems, and new technology programs. The research aims to drive innovation in cybersecurity solutions through collaboration with academia, industry and open source communities to address evolving threats and transition technologies for real-world use.
Summarize the key ideas of each of these texts and explain how they .docxrafbolet0
Summarize the key ideas of each of these texts and explain how they shed light on our study of American religious diversity. Point out some key citations and explain the most important thing you learned from these readings and how these readings helped you achieve the educational goals of our course
US Bill of Rights, UN DECLARATION OF HUMAN RIGHTS, and UNESCO on Diversity and Tolerance; Dignitatis Humanae, and Nostra Aetate
Clash of civilizations, Civil Religion (Reader, pp288-289), and Dominus Iesus
Dynamics of Prejudice (Reader, pp.32-39; 111-114; 295-309)
“Die Judenfrage” (Reader, pp.178-209)
The Irish case (Reader, pp.169-177)
Idolatry (Cantwell Smith, Reader, pp.259-266) and Tolerant Gods ( by Wole Soyinka, text on moodle)
Sacred Texts, Christian and Islamic vision of Religious Tolerance (Reader, p.44, and moodle)
The Real Kant, Multiculturalism, Eurocentrism and the Columbus paradigm (Reader, pp.93-103; 352-358; and pp.282-289)
“Calore-Colore” Paradigm (Reader, pp. 323-346) and scholarship on ATR, and scientific theories or mythologies of otherness (pp, 111-128; 295-346)
AAR article on Egyptology and “Egypt and Israel”
Choose 3 questions from the list above :
the papers should be clear and professonal, answer questions and explain the points that you wants to explain with examples from SACRED TEXTS (BIBLE AND KORAN). I want the writer to do the papers professionally, and to be neutral and non-racist, I want him explain that the examples of the Koran show the positive side, which is commensurate with the topic you will write, And, if possible, that there is a positive similarity between the Koran and the Bible. I already provide additional file can help the writer and you can looking for Koran and Bible to use it
.
Submit, individually, different kinds of data breaches, the threats .docxrafbolet0
This document provides instructions for an assignment to submit a paper analyzing different types of data breaches, the threats that enable them, and their severity. The paper should be APA formatted with 1-inch margins, consistent font, and double spacing, include a 1-page title page, 2-3 pages of body text, and a 1-page references section.
More Related Content
Similar to Special Publication 500-293 (Draft) US Government Cloud Computin.docx
This document provides guidelines for securing public web servers. It discusses planning and managing web servers, securing the web server operating system and web server software, securing web content, using authentication and encryption technologies, implementing a secure network infrastructure, and administering the web server. The document contains background information, checklists, and recommendations to help organizations securely deploy and manage their web servers and protect against common security threats.
SAJACC Working Group Recommendations to NIST, Feb. 12 2013Alan Sill
The NIST Cloud Computing “Standards Acceleration to Jumpstart Adoption of Cloud Computing” (SAJACC) Working Group pursued a strategic process to facilitate development of testing methodologies applicable to cloud computing products and standards. The purpose of this process was to create formal US Government (USG)-based use cases and validation mechanisms that would ensure identification of the detailed capabilities of cloud computing products and standards in terms of their ability to support the US Government’s “Cloud First” information technology strategy, and to test cloud computing products and standards against these use cases.
The SAJAAC process was designed to incorporate the output of other NIST Cloud Computing working groups where possible, especially that of the Business Use Case Working Group, and to identify specific features that reflect USG priorities for cloud computing, which include aspects related to security, interoperability and portability. Future work is anticipated to extend the SAJACC framework to features that touch on other recently identified priorities, including aspects of accessibility and performance. By constantly integrating such aspects identified by other related NIST Cloud Computing topical work, the NIST SAJAAC process is designed to produce a validation process that will help support a sustainable, secure USG cloud infrastructure.
This working group report captures the results of this process to date and makes the following conclusions and recommendations to NIST to proceed from Phase I to future Phase II work of the SAJACC group:
1. Replace the SAJACC use case internal organization with one based on the current structure of the NIST Cloud Computing Reference Architecture and Taxonomy;
2. Add further use cases based on current extensions to this taxonomy for recently developed Cloud SLA Metrics and NIST Cloud Computing Security components;
3. Integrate further input as necessary from the NIST Business Use Case and Standards Roadmap groups, and work closely with these groups to identify additional use cases;
4. Study and adopt use case template elements from the US VA Bronze, Silver and Gold Use Cases and from additional formal input from US Government agencies;
5. Add automation and tooling, if possible, to the NIST web site to support community downloading of the NIST SAJACC use cases and their associated templates for testing scenarios and uploading of externally produced test results;
6. Conduct, invite and document additional use case demonstrations of cloud standards and applicable products against the SAJACC use cases to illustrate their features;
7. Solicit and add further recommendations from the community at large through meetings of the SAJACC working group.
This report therefore comprises the conclusion of Phase I of the SAJACC process to date, and the plan for initiation of Phase II with the goal to implement the above recommendations.
Guidelines on Securing Public Web Serverswebhostingguy
This document provides guidelines for securing public web servers. It discusses planning web server deployment and security management. It recommends securing the web server operating system, web server software, and network infrastructure. It also covers securing web content, using authentication and encryption, administering the web server through logging, backups and security testing. The goal is to help organizations securely install, configure and maintain public web servers.
NIST SP 800 1500-7 Working group on Big Data -- Interoperability StandardsDavid Sweigert
This document summarizes and analyzes standards related to big data as part of the NIST Big Data Interoperability Framework. It was created by the National Institute of Standards and Technology's (NIST) Big Data Public Working Group, which aims to develop consensus on fundamental big data concepts. The document provides overviews of the work in the first six volumes of the framework, investigates applicable standards, and outlines plans for future versions with additional standards analyses and recommendations. It seeks public feedback to improve the draft.
Sp800 55 Rev1 Performance Measurement Guide For Information SecurityJoao Couto
This document provides guidance on developing and implementing performance measures to assess the effectiveness of information security controls and programs. It describes a process for establishing measures that are quantifiable and can be used to track performance over time. The measures developed should indicate how well security policies are implemented, how efficiently security controls operate, and the impact of any security issues. This will help organizations comply with laws like FISMA and use security metrics to improve practices and allocate resources. The guidance can be applied at the individual system or enterprise program level.
This document defines cloud computing and its key characteristics. Cloud computing provides on-demand access to shared computing resources like networks, servers, storage, applications and services that can be quickly provisioned with minimal management effort. It has essential characteristics of on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. There are three service models - Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Four deployment models of public, private, community and hybrid clouds are also defined.
The National Science and Technology Council's Task Force on Identity Management was established to assess the current state of identity management (IdM) across the U.S. government and develop a vision for the future. The Task Force found that over 3,000 federal systems currently utilize personally identifiable information (PII) in an inconsistent and duplicative manner. The Task Force proposed a new framework that includes: 1) A "network of networks" to securely manage common PII elements across agencies; 2) Strong security, privacy and auditability standards; and 3) Ubiquitous yet controlled access to verified identity data. This proposed approach aims to improve accuracy, availability, privacy and coordination of IdM across the federal government.
Computer Security
Incident Handling Guide
Recommendations of the National Institute
of Standards and Technology
Paul Cichonski
Tom Millar
Tim Grance
Karen Scarfone
Special Publication 800-61
Revision 2
http://dx.doi.org/10.6028/NIST.SP.800-61r2
http://dx.doi.org/10.6028/NIST.SP.800-61r2
NIST Special Publication 800-61
Revision 2
Computer Security Incident Handling
Guide
Recommendations of the National
Institute of Standards and Technology
Paul Cichonski
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD
Tom Millar
United States Computer Emergency Readiness Team
National Cyber Security Division
Department of Homeland Security
Tim Grance
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD
Karen Scarfone
Scarfone Cybersecurity
C O M P U T E R S E C U R I T Y
August 2012
U.S. Department of Commerce
Rebecca Blank, Acting Secretary
National Institute of Standards and Technology
Patrick D. Gallagher,
Under Secretary of Commerce for Standards and Technology
and Director
karenw
Typewritten Text
http://dx.doi.org/10.6028/NIST.SP.800-61r2
COMPUTER SECURITY INCIDENT HANDLING GUIDE
ii
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology
(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s
measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of
concept implementations, and technical analyses to advance the development and productive use of
information technology. ITL’s responsibilities include the development of management, administrative,
technical, and physical standards and guidelines for the cost-effective security and privacy of other than
national security-related information in Federal information systems. The Special Publication 800-series
reports on ITL’s research, guidelines, and outreach efforts in information system security, and its
collaborative activities with industry, government, and academic organizations.
COMPUTER SECURITY INCIDENT HANDLING GUIDE
iii
Authority
This publication has been developed by NIST to further its statutory responsibilities under the Federal
Information Security Management Act (FISMA), Public Law (P.L.) 107-347. NIST is responsible for
developing information security standards and guidelines, including minimum requirements for Federal
information systems, but such standards and guidelines shall not apply to national security systems
without the express approval of appropriate Federal officials exercising policy authority over such
systems. This guideline is consistent with the requirements of the Office of Management and Bud ...
Assignment You will conduct a systems analysis project by .docxfestockton
Assignment:
You will conduct a systems analysis project by performing 3 phases of SDLC (planning, analysis and
design) for a small (real or imaginary) organization. The actual project implementation is not
required. You need to apply what you have learned in the class and to participate in the team
project work.
Deliverables
This project should follow the main steps of the first three phases of the SDLC (phase 1, 2 and 3).
Details description and diagrams should be included in each phase.
1- Planning:
Should cover the following:
• Project Initiation: How will it lowers costs or increase revenues?
• Project management: the project manager creates a work plan, staffs the project, and puts
techniques in place to help the project team control and direct the project through the
entire SDLC.
2- Analysis
Should cover the following:
• Analysis strategy: This is developed to guide the projects team’s efforts. This includes an
analysis of the current system.
• Requirements gathering: The analysis of this information leads to the development of a
concept for a new system. This concept is used to build a set of analysis models.
• System proposal: The proposal is presented to the project sponsor and other key
individuals who decide whether the project should continue to move forward.
3- Design
Should cover the following:
• Design Strategy: This clarifies whether the system will be developed by the company or
outside the company.
• Architecture Design: This describes the hardware, software, and network infrastructure that
will be used.
• Database and File Specifications: These documents define what and where the data will be
stored.
• Program Design: Defines what programs need to be written and what they will do.
The Course Presentations can be downloaded from here:
https://seu2020.com/wp-content/uploads/2019/09/Slides-IT243-Seu2020.com_.zip
In addition to the above please include
Points to be covered:
• Project Plan
• Staff Plan
• Cost
• Who will develop it? Self or vendor
• Project Methodology: need to consider the below factors when choosing a methodology
Clarity of User Requirements, Familiarity with Technology, System Complexity, System
Reliability, Short Time Schedules and Schedule Visibility
• Project timeline and timeframe.
• Risk Management
• Gantt Chart
• Project Requirements: Functional and Non-Functional
• Activity-Based Costing
• Outcome Analysis
• Technology Analysis
https://seu2020.com/wp-content/uploads/2019/09/Slides-IT243-Seu2020.com_.zip
• Include use cases
• Include Processing Model
• Data flow diagrams
• Relationship among Levels of DFDs
• Using the ERD to Show Business Rules
Please consider the slides as a reference of what topics to be covered for this assignment which falls
under the (planning, analysis and design) only.
Special Publication 800-86
Guide to Integrating Forensic
Techniques into Inciden ...
Organisering av digitale prosjekt: Hva har IT-bransjen lært om store prosjekter?Torgeir Dingsøyr
IT-bransjen har gjort store endringer i måten de gjennomfører prosjekter på gjennom bruk av smidige metoder. Disse metodene ble først brukt på små, samlokaliserte team men brukes nå også i store prosjekter med mange team og flere hundre utviklere. Hvordan jobber IT-bransjen for å sikre vellykkede store prosjekter?
Project Deliverable 2 Business Requirements1Project Deliverab.docxwkyra78
Project Deliverable 2: Business Requirements 1
Project Deliverable 2: Business Requirements 3
Project Deliverable 2: Business Requirements
Jessica Hill
Dr. Jan Felton
CIS 590: Directed Research Project
February 1, 2015
Table of Contents
1 Business Requirements……………………………………………………………….………3
1.1 Project Overview…………………………………………………………………….........3
1.2 Background including current process…………………………………………….3
1.3 Scope………………………………………………………………………………3
1.3.1 Scope of Project……………………………………………………….........4
1.3.2 Constraints and Assumptions……………………………………….............5
1.3.3. Risks…………………………………………………………………..........5
1.3.4. Scope Control ………………………………………………………………5
1.3.5. Relationship to Other Systems/Projects ……………………………………6
1.3.6. Definition of Terms (if applicable)………………………………………...6
1.1 Project Overview
This project is an information Technology project that was requested by WebFOCUS Company. The project is a development of a secure website that offers online advertisements, sharing, collection and storage of visual tools. The Website should be hosted in a cloud environment and should provide database functions for use in data warehousing
1.2 Background including current process
WebFOCUS was developed in order to generate profit through online advertisements as well as offshoring and outsourcing of business operations. Currently the business uses the relational database analysis. The company’s website in operated on both Windows and Mac OS X operating systems. In order to enhance virtualization, the company is seeking cloud computing services as well as data warehousing for data analysis purposes.
The project goals include;
a. Generation of profit through the charges on advertisement
b. Integration of database and operating systems in employee management.
c. Outsourcing work at a reduced cost (Olsen, 2006)
d. Developing a secure network infrastructure
e. The use of cloud computing to handle and share data
Tasks
a. Develop a website for advertisement
b. Install security measures
c. Integrate the website with cloud computing functionalities
d. Develop the outsourcing functionalities within the website
1.3 Scope
The scope of this project involves the determination and documentation of the project goals, deliverable, tasks, the cost and the deadlines.
1.3.1 Scope of the Project
Project Deliverables:
Scope Statement: This statement outlines the major activities to be carried out within the time allocated for the project. The scope statement’s goal is the financial analysis and financial documents regarding the operation of the project. The cost incurred and the revenue generated can be compared to observe the progress of the project.
Progress Reports: These include the process and the stages at which the project is undergoing. For the development of secure network infrastructure, the progress report deliverables would be network firewall types, authenticati ...
This document provides guidelines for establishing effective computer security incident response capabilities. It assists organizations in creating incident response teams and processes for efficiently handling incidents. The guidelines can be applied independent of specific hardware, software, protocols or applications. The document recommends establishing planning, preparation, detection and analysis, containment, eradication and recovery as key phases in the incident response process.
This document provides guidelines for establishing effective computer security incident response capabilities. It assists organizations in creating incident response teams and processes for efficiently handling incidents. The guidelines can be applied independently of specific hardware, software, protocols or applications. The document recommends establishing planning, preparation, detection and analysis, containment, eradication and recovery as key phases in the incident response process.
Computer Security
Incident Handling Guide
Recommendations of the National Institute
of Standards and Technology
Paul Cichonski
Tom Millar
Tim Grance
Karen Scarfone
Special Publication 800-61
Revision 2
karenw
Typewritten Text
http://dx.doi.org/10.6028/NIST.SP.800-61r2
NIST Special Publication 800-61
Revision 2
Computer Security Incident Handling
Guide
Recommendations of the National
Institute of Standards and Technology
Paul Cichonski
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD
Tom Millar
United States Computer Emergency Readiness Team
National Cyber Security Division
Department of Homeland Security
Tim Grance
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD
Karen Scarfone
Scarfone Cybersecurity
C O M P U T E R S E C U R I T Y
August 2012
U.S. Department of Commerce
Rebecca Blank, Acting Secretary
National Institute of Standards and Technology
Patrick D. Gallagher,
Under Secretary of Commerce for Standards and Technology
and Director
karenw
Typewritten Text
http://dx.doi.org/10.6028/NIST.SP.800-61r2
COMPUTER SECURITY INCIDENT HANDLING GUIDE
ii
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology
(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s
measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of
concept implementations, and technical analyses to advance the development and productive use of
information technology. ITL’s responsibilities include the development of management, administrative,
technical, and physical standards and guidelines for the cost-effective security and privacy of other than
national security-related information in Federal information systems. The Special Publication 800-series
reports on ITL’s research, guidelines, and outreach efforts in information system security, and its
collaborative activities with industry, government, and academic organizations.
COMPUTER SECURITY INCIDENT HANDLING GUIDE
iii
Authority
This publication has been developed by NIST to further its statutory responsibilities under the Federal
Information Security Management Act (FISMA), Public Law (P.L.) 107-347. NIST is responsible for
developing information security standards and guidelines, including minimum requirements for Federal
information systems, but such standards and guidelines shall not apply to national security systems
without the express approval of appropriate Federal officials exercising policy authority over such
systems. This guideline is consistent with the requirements of the Office of Management and Budget
(OMB) Ci.
This document summarizes the objectives and proceedings of the 2nd Effectsplus Cluster event held in Amsterdam on July 4-5, 2011. 22 research projects attended to discuss collaboration opportunities in two parallel workshops on systems/networks models and services/cloud trust and assurance. The event aimed to identify areas for collaboration, publicly available examples, and gaps for future research. Presentations were given on several projects to promote awareness, including the BIC project which coordinates international cooperation on trustworthy ICT between the EU and countries like Brazil, India and South Africa.
This document summarizes NIST Special Publication 800-53 Revision 4 which provides a catalog of security and privacy controls for federal information systems and organizations. It describes how organizations can select controls to protect operations, assets, individuals and organizations from threats. The controls are customizable and implemented as part of an organization-wide risk management process. It also describes how specialized control overlays can be developed for specific environments. Finally, it addresses both security functionality and assurance to ensure systems are sufficiently trustworthy.
Sample Cloud Application Security and Operations Policy [release]LinkedIn
This document provides a sample cloud applications security and operations policy to guide organizations in developing security policies for cloud applications. It includes sections on authentication and administration, auditing, business continuity, data security, communication security, vendor governance, and brand reputation. For each section, it outlines baseline requirements and additional requirements for applications handling data at different security levels (1-3), based on the potential impact of unauthorized access. The goal is to balance security and usability by applying more stringent requirements to higher risk or sensitive data.
This document is NIST Special Publication 800-53 Revision 4 which provides a catalog of security and privacy controls for federal information systems. It aims to protect operations, assets, individuals and organizations from threats. The controls are customizable and part of an organization-wide risk management process. It also describes developing specialized control overlays for specific environments. Finally, it addresses security from functionality and assurance perspectives to ensure systems are sufficiently trustworthy.
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...Great Wide Open
This document summarizes the cybersecurity research agenda of the U.S. Department of Homeland Security Science and Technology Directorate. It discusses how DHS is focusing on areas like critical infrastructure security, open source software, cyber-physical systems, and new technology programs. The research aims to drive innovation in cybersecurity solutions through collaboration with academia, industry and open source communities to address evolving threats and transition technologies for real-world use.
Similar to Special Publication 500-293 (Draft) US Government Cloud Computin.docx (20)
Summarize the key ideas of each of these texts and explain how they .docxrafbolet0
Summarize the key ideas of each of these texts and explain how they shed light on our study of American religious diversity. Point out some key citations and explain the most important thing you learned from these readings and how these readings helped you achieve the educational goals of our course
US Bill of Rights, UN DECLARATION OF HUMAN RIGHTS, and UNESCO on Diversity and Tolerance; Dignitatis Humanae, and Nostra Aetate
Clash of civilizations, Civil Religion (Reader, pp288-289), and Dominus Iesus
Dynamics of Prejudice (Reader, pp.32-39; 111-114; 295-309)
“Die Judenfrage” (Reader, pp.178-209)
The Irish case (Reader, pp.169-177)
Idolatry (Cantwell Smith, Reader, pp.259-266) and Tolerant Gods ( by Wole Soyinka, text on moodle)
Sacred Texts, Christian and Islamic vision of Religious Tolerance (Reader, p.44, and moodle)
The Real Kant, Multiculturalism, Eurocentrism and the Columbus paradigm (Reader, pp.93-103; 352-358; and pp.282-289)
“Calore-Colore” Paradigm (Reader, pp. 323-346) and scholarship on ATR, and scientific theories or mythologies of otherness (pp, 111-128; 295-346)
AAR article on Egyptology and “Egypt and Israel”
Choose 3 questions from the list above :
the papers should be clear and professonal, answer questions and explain the points that you wants to explain with examples from SACRED TEXTS (BIBLE AND KORAN). I want the writer to do the papers professionally, and to be neutral and non-racist, I want him explain that the examples of the Koran show the positive side, which is commensurate with the topic you will write, And, if possible, that there is a positive similarity between the Koran and the Bible. I already provide additional file can help the writer and you can looking for Koran and Bible to use it
.
Submit, individually, different kinds of data breaches, the threats .docxrafbolet0
This document provides instructions for an assignment to submit a paper analyzing different types of data breaches, the threats that enable them, and their severity. The paper should be APA formatted with 1-inch margins, consistent font, and double spacing, include a 1-page title page, 2-3 pages of body text, and a 1-page references section.
Submit your personal crimes analysis using Microsoft® PowerPoi.docxrafbolet0
Submit
your personal crimes analysis using Microsoft
®
PowerPoint
®
or another pre-approved presentation tool.
Create
a 10- to 15-slide presentation that includes a reference slide with at least four references cited throughout the presentation. Include the following:
·
Differentiate between assault, battery, and mayhem.
·
Identify and explain kidnapping and false imprisonment.
·
Compare and contrast between rape and statutory rape.
·
Choose two states and compare the definitions and punishment for these crimes.
Include
appropriate photos, short videos, or headlines, as needed, to represent your analysis.
Format
your presentation consistent with APA guidelines.
.
Submit two pages (double spaced, 12 point font) describing a musical.docxrafbolet0
Submit two pages (double spaced, 12 point font) describing a musical concert of your choosing, suggested in the syllabus or approved by instructor. Describe as many factors as possible: who/what/where/ when, how many musicians performed, what instruments did they play, name several of the musical pieces, how did they sound (use some of the terms we learned in the course), what did the musicians wear, describe the audience, describe the music (how did it make you feel, etc.), what did you enjoy most about the event? Share your reflections.
.
Submit the rough draft of your geology project. Included in your rou.docxrafbolet0
Submit the rough draft of your geology project. Included in your rough draft should be the text as close as possible to the way you intend on submitting it as well as data tables and rough sketches of figures.
Proofread everything and check your work according to the
Evaluation
guidelines in the original assignment in Week 02.
Geology Project Requirements
**Please review your paper for all of the below before submitting your Week 8 Rough Draft or Week 10 Final Paper.**
-
Length
·
Paper is to be 7 pages, at a minimum, in length:
o
One Cover Page
o
One Reference page
o
5 pages of written text (which does not include space taken up by photos, illustrations or charts).
-
Formatting
·
All paragraphs need to be indented.
·
Font should be Times New Roman and size 12.
·
The line spacing should be double spaced.
·
Make sure there is an introduction paragraph, thebody paragraphs are well organized and a conclusion paragraph.
·
Stay away from many short sentences in a paragraph, as the paragraph needs to flow. (These can be fragment sentences and can make the paper confusing when reading.)
·
Also stay away from many short paragraphs in the body of the paper, if organized well, then there will be medium length paragraphs.
·
Paper should be aligned to the left margin – not center or wide across.
-
Writing
·
This is a science research paper about a geology topic and must be in third person, therefore words such as we, me, I you, our, or us are not allowed to be used. Make sure these are not in your paper.
o
This also pertains to let’s. (Let’s short for let us.)
·
Make sure that all of your sentences are strong and independent.
·
Paper needs to be written using proper mechanics (clear, concise, complete sentences and paragraphs), proper spelling, grammar and punctuation.
·
Do not start your introduction or paper off with ‘This paper will look at…’ or ‘This paper will cover…’ Your thesis should not contain these words and should be a stand alone sentence with a passive lead in.
·
Spell Check Spell Check Spell Check.
·
Any introduction of a new word or scientific word that your reader may not know the definition of, be sure to include the definition for better understanding.
·
Acronyms. The first time an acronym is used, be sure to define what it stands for – such as USGS (United States Geological Survey). Then each subsequent time this acronym is used in the paper, you can just write USGS since it has already been defined to the reader.
·
Make sure to capitalize proper nouns such as Earth.
·
Make sure paragraphs transition and flow well between each other. Read the paper out loud to yourself before final submission to make sure these transitions are in place.
·
Please do not be a casual writer in this paper. What I mean by that is do not write how you would talk in a casual conversation, text on your phone or email a friend. This is a research paper and therefore the presentation and writing style needs to be.
Submit your paper of Sections III and IV of the final project. Spe.docxrafbolet0
Submit your paper of Sections III and IV of the final project. Specifically, the following critical elements must be addressed:
III. Billing and Reimbursement
A. Analyze the collection of data by patient access personnel and its importance to the billing and collection process. Be sure to address the importance of exceptional customer service.
B. Analyze how third-party policies would be used when developing billing guidelines for patient financial services (PFS) personnel and administration when determining the payer mix for maximum reimbursement.
C. Organize the key areas of review in order of importance for timeliness and maximization of reimbursement from third-party payers. Explain your rationale on the order.
D. Describe a way to structure your follow-up staff in terms of effectiveness. How can you ensure that this structure will be effective?
E. Develop a plan for periodic review of procedures to ensure compliance. Include explicit steps for this plan and the feasibility of enacting this plan within this organization.
IV. Marketing and Reimbursement
A. Analyze the strategies used to negotiate new managed care contracts. Support your analysis with research.
B. Communicate the important role that each individual within this healthcare organization plays with regard to managed care contracts. Be sure to include the different individuals within the healthcare organization.
C. Explain how new managed care contracts impact reimbursement for the healthcare organization. Support your explanation with concrete evidence or research.
D. Discuss the resources needed to ensure billing and coding compliance with regulations and ethical standards. What would happen if these resources were not obtained? Describe the consequences of noncompliance with regulations and ethical standards.
.
Submit the finished product for your Geology Project. Please include.docxrafbolet0
Submit the finished product for your Geology Project. Please include all figures, data tables, and text in the same document.
Before you submit, please proofread once more as you check the
Evaluation
guidelines from the original assignment in Week 02.
I need the sources in-text citations please and sources throughout the paper with quotation marks!!! THIS IS NECESSARY. I have the rough draft I can send it.
Geology Project Requirements
**Please review your paper for all of the below before submitting your Week 10 Final Paper.**
-
Length
·
Paper is to be 7 pages, at a minimum, in length:
o
One Cover Page
o
One Reference page
o
5 pages of written text (which does not include space taken up by photos, illustrations or charts).
-
Formatting
·
All paragraphs need to be indented.
·
Font should be Times New Roman and size 12.
·
The line spacing should be double spaced.
·
Make sure there is an introduction paragraph, the body paragraphs are well organized and a conclusion paragraph.
·
Stay away from many short sentences in a paragraph, as the paragraph needs to flow. (These can be fragment sentences and can make the paper confusing when reading.)
·
Also stay away from many short paragraphs in the body of the paper, if organized well, then there will be medium length paragraphs.
·
Paper should be aligned to the left margin – not center or wide across.
-
Writing
·
This is a science research paper about a geology topic and must be in third person, therefore words such as we, me, I you, our, or us are not allowed to be used. Make sure these are not in your paper.
o
This also pertains to let’s. (Let’s short for let us.)
·
Make sure that all of your sentences are strong and independent.
·
Paper needs to be written using proper mechanics (clear, concise, complete sentences and paragraphs), proper spelling, grammar and punctuation.
·
Do not start your introduction or paper off with ‘This paper will look at…’ or ‘This paper will cover…’ Your thesis should not contain these words and should be a stand alone sentence with a passive lead in.
·
Spell Check Spell Check Spell Check.
·
Any introduction of a new word or scientific word that your reader may not know the definition of, be sure to include the definition for better understanding.
·
Acronyms. The first time an acronym is used, be sure to define what it stands for – such as USGS (United States Geological Survey). Then each subsequent time this acronym is used in the paper, you can just write USGS since it has already been defined to the reader.
·
Make sure to capitalize proper nouns such as Earth.
·
Make sure paragraphs transition and flow well between each other. Read the paper out loud to yourself before final submission to make sure these transitions are in place.
·
Please do not be a casual writer in this paper. What I mean by that is do not write how you would talk in a casual conversation, text on your phone or email a friend. This is a research paper.
Submit the Background Information portion of the final project, desc.docxrafbolet0
Submit the Background Information portion of the final project, describing the company and business product, service, or other idea from the business pla. In the description, make sure that you include the target stakeholders and their relationship to the mission, vision, and values of the company. Concisely describe the company and business product or service. Be sure to include the company’s publicly traded name and stock symbol if these exist.
2-3 pages. APA
.
Submit Files - Assignment 1 Role of Manager and Impact of Organizati.docxrafbolet0
Submit Files - Assignment 1 Role of Manager and Impact of Organizational Theories on Managers
Assignment 1 Role of Manager and Impact of Organizational Theories on Managers (Week 3)
Purpose:
In the first assignment, students are given a scenario in which the shipping manager who has worked for Galaxy Toys, Inc. since 1969. The scenario serves to set the stage for students to demonstrate how management theories have changed over time. For example, managing 30 years ago is different than managing in the 21
st
century.
Outcome Met by Completing This Assignment:
integrate management theories and principles into management practices
Instructions:
In Part One of this case study analysis, students are to use the facts from the case study to determine two different organization theories that are demonstrated. For Part Two, students will compare the 21
st
century manager to that of the main character in the case study and the implications of change in being a 21
st
century manager.
In selecting a school of thought and an organizational theory that best describes the current shipping manager, students will use the timeline to select a school of thought and a theory or theories of that time frame. Students will to use the course material to respond to most of the assignment requirements but will also need to research the theorist(s) and theories to complete the assignment. Students are expected to be thorough in responding.
In Part Two, students are going to take what they have learned and compare the management skills of the 21st century shipping manager to the skills of the current shipping manager.
Step 1:
Review “How to Analyze a Case Study” under Week 3 Content.
Step 2:
Create a Word or Rich Text Format (RTF) document that is double-spaced, 12-point font. The final product will be between 4-6 pages in length excluding the title page and reference page.
Step 3:
Review the grading rubric for the assignment.
Step 4:
In addition to providing an introduction, students will use headings following this format:
Title page with title, your name, the course, the instructor’s name;
Background;
Part One;
Part Two.
Step 5
: In writing a case study, the writing is in the third person. What this means is that there are no words such as “I, me, my, we, or us” (first person writing), nor is there use of “you or your” (second person writing). If uncertain how to write in the third person, view this link:
http://www.quickanddirtytips.com/education/grammar/first-second-and-third-person
. Also note that students are not to provide personal commentary.
Step 6:
In writing this assignment, students are expected to support the reasoning using in-text citations and a reference list. If any material is used from a source document, it must be cited and referenced. A reference within a reference list cannot exist without an associated in-text citation and vice versa. View the sample APA paper under Week 1 content.
Step 7:
In writing thi.
SS
C
ha
Simple RegressionSimple Regression
pter
Chapter ContentsChapter Contents
12
12.1 Visual Displays and Correlation Analysis12.1 Visual Displays and Correlation Analysisp y yp y y
12.2 Simple Regression12.2 Simple Regression
12 3 Regression Terminology12 3 Regression Terminology12.3 Regression Terminology12.3 Regression Terminology
12.4 Ordinary Least Squares Formulas12.4 Ordinary Least Squares Formulas
12 T f Si ifi12 T f Si ifi12.5 Tests for Significance12.5 Tests for Significance
12.6 Analysis of Variance: Overall Fit12.6 Analysis of Variance: Overall Fit
12.7 Confidence and Prediction Intervals for 12.7 Confidence and Prediction Intervals for YY
12-1
SS
C
ha
Simple RegressionSimple Regression
pter
Chapter ContentsChapter Contents
12
12 8 Residual Tests12 8 Residual Tests12.8 Residual Tests12.8 Residual Tests
12.9 Unusual Observations12.9 Unusual Observations
12 10 Oth R i P bl12 10 Oth R i P bl12.10 Other Regression Problems12.10 Other Regression Problems
12-2
C
ha
SS
pter 1
Simple RegressionSimple Regression
Chapter Learning Objectives (LO’s)Chapter Learning Objectives (LO’s)
12
Chapter Learning Objectives (LO s)Chapter Learning Objectives (LO s)
LO12LO12--1: 1: Calculate and test a correlation Calculate and test a correlation coefficient coefficient for for significancesignificance..
LO12LO12--2: 2: Interpret Interpret the slope and intercept of a regression equation.the slope and intercept of a regression equation.
LO12LO12--3: 3: Make Make a prediction for a given a prediction for a given x value using a x value using a regressionregression
equationequation..qq
LO12LO12--4: 4: Fit a simple regression on an Excel scatter plot.Fit a simple regression on an Excel scatter plot.
LO12LO12--5:5: Calculate and interpretCalculate and interpret confidenceconfidence intervals forintervals for regressionregressionLO12LO12 5: 5: Calculate and interpret Calculate and interpret confidence confidence intervals for intervals for regressionregression
coefficientscoefficients..
LO12LO12 6:6: Test hypotheses about the slope and intercept by usingTest hypotheses about the slope and intercept by using t testst tests
12-3
LO12LO12--6: 6: Test hypotheses about the slope and intercept by using Test hypotheses about the slope and intercept by using t tests.t tests.
C
ha
ff
pter
Analysis of VarianceAnalysis of Variance
Ch t L i Obj ti (LO’ )Ch t L i Obj ti (LO’ )
12
Chapter Learning Objectives (LO’s)Chapter Learning Objectives (LO’s)
LO12LO12--7:7: Perform regression with Excel or other software.Perform regression with Excel or other software.
LO12LO12--8:8: Interpret the standard errorInterpret the standard error RR22 ANOVA table and F testANOVA table and F testLO12LO12 8: 8: Interpret the standard error, Interpret the standard error, RR , ANOVA table, and F test., ANOVA table, and F test.
LO12LO12--9:9: Distinguish between confidence and prediction intervals.Distinguish between conf.
SRF Journal EntriesreferenceAccount TitlesDebitsCredits3-CType journal entries in the space provided. Link these to the T-accounts and link the T-account balancesto the financial statements provided on the tabs at the bottom of the page.4-C
&L&"Arial,Bold"&14City of Monroe- Street and Highway Fund Journal Entries
SRF T-accountsDUE FROMCASHINVESTMENTSSTATE GOV'Tbb6,500bb55,000bb200,0006,50055,000200,000BUDGETARY FUND BALANCEFUND BALANCEACCOUNTS PAYABLERESERVE FOR ENCUMBRANCESRESERVE FOR ENCUMBRANCES(beginning of year)6,300bb-bb255,200bb6,300-255,200REVENUESREVENUESEXPENDITURES - STREETINTERGOVERNMENTALINVESTMENT INTEREST& HIGHWAY MAINTENANCEENCUMBRANCES----BUDGETARY ACCOUNTSBUDGETARYESTIMATED REVENUESAPPROPRIATIONSFUND BALANCE---
&L&16City of Monroe&C&16
Street and Highway Fund - General Ledger
Closing EntriesBUDGETARYAccount TitleDebitsCreditsFUND BALANCE-Preclosingclosing entry-FUND BALANCE255,200Preclosingclosing entry255,200ending balanceComplete the following tableNon-spendableRestrictedCommittedAssignedUnassignedTotalFund Balance-Budgetary Fund Balance - Reserve for Encumbrances-Totals------
&L&14City of Monroe&C&14
STREET & HIGHWAY MAINTENANCE FUND - Closing Entries
Stmt of revenues & expendituresRevenuesIntergovernmental RevenuesInterest on InvestmentsTotal Revenues$ -ExpendituresCurrent:Street & Highway MaintenanceTotal Expenditures-Excess (Deficiency) of Revenues Over Expenditures-Fund Balance, January 1Fund Balance, December 31$ -
&L&"Times New Roman,Regular"&14City of Monroe
Statement of Revenues, Expenditures and Changes in Fund Balance
Street and Highway Maintenance Fund
For the year ended December 31, 2014
Balance SheetAssetsCashInvestmentsDue from State GovernmentTotal Assets$ -Liabilities and Fund EquityLiabilitiesAccounts PayableFund EquityFund Balance - Restricted forStreet and Highway MaintenanceTotal Liabilities and Fund Equity$ -
&L&"Times New Roman,Regular"&14City of Monroe
Street & Highway Maintenance Fund
Balance Sheet
As of December 31, 2014
Problem 1Problem 1Required: Identify the financial statement on which each of the following items appears by making an X in the appropriate column. The first one is done for you!(15 points total, 1 point each)IncomeBalanceStatement ofItemStatementSheetCash FlowsAccounts PayableXAccounts ReceivableAdvertising ExpenseCommon StockDividendsEquipmentFinancing ActivitiesInvesting ActivitiesLandOperating ActivitiesRent ExpenseRetained EarningsRevenueSalaries PayableUtility Expense
Problem 2Problem 2Required: Show the effects on the financial statements using a horizontal statement model as outlined below. The first one is done for you!(35 points total, 5 points each)1Sold $30,000 in merchandise for cash2Paid $5,000 for rent with cash3Paid $10,000 in salaries to employees with cash4Sold $25,000 in merchandise and customer paid on credit5Collected $10,000 cash for transaction #46Purchased a building for $100,000 and took out a loan for the money7Paid $1,200 for insuranceBala.
src/CommissionCalculation.javasrc/CommissionCalculation.javaimport java.util.Scanner;
import java.text.NumberFormat;
publicclassCommissionCalculation
{
publicstaticvoid main(String args[])
{
finaldouble salesTarget=600000;
//create an object of Scanner class to get the keyboard input
Scanner keyInput =newScanner(System.in);
//for currency format
NumberFormat numberFormat =NumberFormat.getCurrencyInstance();
//creating an object of SalesPerson class
SalesPerson salesPerson =newSalesPerson();
//prompt the user to enter the annual sales
System.out.print("Enter the annual sales : ");
double sale = keyInput.nextDouble();
//Calculate normal commission until sales target is reached
if(sale<=salesTarget)
{
//set the value of annual sale of sales person object
salesPerson.setAnnualSales(sale);
//displaying the report
System.out.println("The total annual compensation : "+numberFormat.format(salesPerson.getAnnualCompensation()));
}
//show compensation table with Accelerated factor when sales target exceeds
else
{
//method to show a compensation table if sales exceed 600000
salesPerson.getCompensationTable(sale);
}
}
}
src/SalesPerson.javasrc/SalesPerson.java
publicclassSalesPerson{
privatefinaldouble fixedSalary =120000.00;
privatefinaldouble commissionRate =1.2;
privatefinaldouble salesTarget=600000;
privatefinaldouble accelerationfactor=1.20;
privatedouble annualSales;
//default constructor
publicSalesPerson(){
annualSales =0.0;
}
//parameterized constructor
publicSalesPerson(double aSale){
annualSales = aSale;
}
//getter method for the annual sales
publicdouble getAnnualSales(){
return annualSales;
}
//method to set the value of annual sale
publicvoid setAnnualSales(double aSale){
annualSales = aSale;
}
//method to calculate and get commission
publicdouble getCommission()
{
if(annualSales<(0.80*salesTarget))
{
return0;
}
else
{
return annualSales *(commissionRate/100.0);
}
}
//method to calculate and calculate Compensation with Accelerated commission and display table
void getCompensationTable(double annualSales)
{
int count=0;
System.out.println("Annual Sales\t Total Compensation");
for(annualSales=salesTarget;annualSales<=((salesTarget)+(0.5*salesTarget));annualSales+=5000)
{
count=count+1;
double comm= annualSales *(commissionRate*Math.pow(1.2,count)/100.0);
System.out.println(annualSales+"\t"+(fixedSalary+comm));
}
}
//method to calculate and get annual compensation
publicdouble getAnnualCompensation(){
return fixedSalary + getCommission();
}
}
The development of any marketing mix depends on positioning, a process that influences potential customers' overall perception of a brand, product line, or organization in general. Position is the place a product, brand, or group of products occupies in consumers' minds relative to competing offering. Review positioning in your text. There are many examples to illustrate this concept. Then:
1. Describe the position .
SQLServerFiles/Cars.mdf
__MACOSX/SQLServerFiles/._Cars.mdf
SQLServerFiles/Contacts.mdf
__MACOSX/SQLServerFiles/._Contacts.mdf
SQLServerFiles/Cottages.mdf
__MACOSX/SQLServerFiles/._Cottages.mdf
SQLServerFiles/KataliClub.mdf
__MACOSX/SQLServerFiles/._KataliClub.mdf
SQLServerFiles/Northwind.mdf
__MACOSX/SQLServerFiles/._Northwind.mdf
SQLServerFiles/Northwind.sdf
__MACOSX/SQLServerFiles/._Northwind.sdf
SQLServerFiles/Pubs.mdf
__MACOSX/SQLServerFiles/._Pubs.mdf
SQLServerFiles/ReadMe.doc
SQL Server Files
Make sure to copy the SQL Server files to a read/write medium before attempting to use them in a program. The act of selecting a file for a connection creates an .ldf file, which fails on a read-only CD.
__MACOSX/SQLServerFiles/._ReadMe.doc
SQLServerFiles/RnrBooks.mdf
__MACOSX/SQLServerFiles/._RnrBooks.mdf
__MACOSX/._SQLServerFiles
“Subsea pipelines connectors”
Subsea pipeline are very popular around the world. Almost every water body has a pipeline, whether it is to transport distilled or spring water, or for gas, or for crude oil. Pipeline with great lengths are broken into segments, and has a connector between each segment; such a methodology are used to control damage and makes it easier for manufacturing and maintenance. However, theses devices are not perfect, and have different aspects that need to be considered when choosing one. Aspects are such as: pressure drop, installment, repair, and material used.
Different types of subsea pipeline connectors are being developed and used everyday in different parts of the world. Manufacturers are racing to be ahead of the technological advancement and rule the market. Starting with a fundamental article about the advancement and the market availability of subsea pipeline connectors back in 1976 to the current technology, this paper will review the literature materials of the present solutions of subsea pipeline connectors. Connectors technology in 1976
This fundamental article written by H. Mohr discusses the available subsea pipe connectors back in 1976[1]. The article offers solution that is applicable for a specific period of time, but when the technology of its time period is expired and new solutions are offered the article would hardly be discussed anymore, which actually made it impossible to find online or in nearby library. However, in general, the solutions offered and the way there were discussed are actually very relatable to this paper.
The paper lays on the three major methods of connections, then goes on to examine the current commercial product at that time. Three methods mentioned are the basic welding, elastomeric connectors, and advanced engineered horizontal systems. H. Mohr then moves to the market demand of the three methods, and two methods only were discussed, welding and mechanical connectors.
“Much emphasis had been placed on welded subsea connections in recent years, but properly designed and installed mechanical connections will always have an ap.
Square, Inc. is a financial services, merchant services aggregat.docxrafbolet0
Square, Inc. is a financial services, merchant services aggregator and mobile payment company based in San Francisco, California. The company markets several software and hardware payments products, including Square Register and Square Reader, and has expanded into small business services such as Square Capital, a financing program, and Square Payroll. The company was founded in 2009 by Jack Dorsey and Jim McKelvey and launched its first app and service in 2010.
• Square Register allows individuals and merchants in the United States, Canada, and Japan to accept offline debit and credit cards on their iOS or Android smartphone or tablet computer. The application software("app") supports manually entering the card details or swiping the card through the Square Reader, a small plastic device that plugs into the audio jack of a supported smartphone or tablet and reads the magnetic stripe. On the iPad version of the Square Register app, the interface resembles a traditional cash register.
Download and read the documents in Edgar.
– http://www.sec.gov/edgar.shtml
– And find the all files that are filed (especially S1)
• Find the information relevant to future sales.
• Construct the Pro‐forma income statement.
• Estimate future free cash flows for the next five years (account for investments, change in working capital, depreciation and taxes)
• Make a reasonable assumption about the growth rate of cash flows until infinity.
2013-10-22 22.19.51.jpg
2013-10-22 22.20.19.jpg
2013-10-22 22.21.54.jpg
Information and society
Since the advent of easy access to the internet and the World Wide Web, society has a different attitude towards information and access to information. The technology changes – from slow desk-tops with dial-up access to smartphones – have also changed our interaction with information.
This is also an area in which generational differences show up. Those of us born before the mid1980s or 1990s have followed all of these changes and have had to adapt to it. For those born in the 1990s (the millennials or digital natives), these methods of getting information have always existed. The millenials have seen some of the technology changes but don’t remember the “old” way. Keep this in mind as you read these notes.
An information society
At the beginning of the semester we talked about the many different ways we get information and the definitions of information. Now we’re going to look more at how information and information technologies have changed society.
Lester and Koehler talk about defining an information society in economic sense. While this is important, I don’t think we need to look at the percentage of our GNP to see that we do live in an information society. Think of all the companies that are based on information – computer technologies, web based businesses, cell phone and technologies, GPS, etc. There are also jobs that rely on information – customer service, stock markets, etc.
Our relationship with information .
SQL SQL 2) Add 25 CUSTOMERSs so that you now have 50 total..docxrafbolet0
The document contains SQL code that inserts 25 new customers and 25 new vehicles into database tables to increase the total numbers of customers and vehicles to 50 each. The code provides details of the customer and vehicle records being inserted such as names, addresses, vehicle details.
SPSS Input
Stephanie Crookston, Dominique Garrett-Smith, Latesha Simpson, Jannie Tollvier,
PSYCH/625
November 25, 2013
Mary Farmer
SPSS Input
After looking at the data and putting it through the ANOVA test; the conclusions are as follows:
There is a huge difference between the groups regarding degrees of freedom. And the use of ANOVA is essential because it is samples taken at different points and times of the same people. Probability is at zero percent because that means its directly at the mean and the f score is used to see if the null hypothesis can be rejected or fail to be rejected of its less than the critical value.
ANOVA
Score
Sum of Squares
df
Mean Square
F
Sig.
Between Groups
609265.938
1
609265.938
2495.987
.000
Within Groups
53213.402
218
244.098
Total
662479.340
219
In a 1000-1250 word essay, explain the meaning of one visual symbol in American Beauty and the relation of that symbol to the message of the film as a whole. Since context forms meaning, you should analyze several instances in which the symbol appears in the film, explaining the meaning of the symbol in each appearance and showing how each instance contributes to the meaning of the symbol in the film as a whole. Since film is a visual medium, I have intentionally asked you to analyze a visual element for this assignment. Therefore, while you certainly should utilize dialogue or other elements of the film’s narrative, please do not neglect to interpret the specifically filmic aspects of this text, such as (but not limited to) camera work (framing, shot length, etc.), editing (“cutting” or “splicing”), sound effects, wardrobe, and lighting.
Here are some visual symbols from which you may choose, but please don’t feel limited to these:
· Plastic bags
· Roses
· Cameras
· Windows or Mirrors
· Guns
· Extreme darkness or bright light
· Specific colors or color combinations
Please note that the task here is twofold: you should present an interpretation of the particular symbol you choose and show how that symbol helps construct the overall message of the film as you see it. A successful thesis statement will present a clear articulation of the meaning of your chosen symbol, a succinct statement as to the overall message of the film, and an explanation of the relationship between these two. As with the other essays for this class, please avoid rendering value judgments. You should not present an evaluation of whether or not you like the film (or whether it’s “good” or “bad”).
Since a successful analysis will require more viewing of the film than what we have time for in class, you may find it advantageous to rent/purchase/download a copy for yourself. For those who would rather not attain their own copy, I have also put a copy of the film on reserve in the library.
Due Dates:
Four copies of your rough draft due: Tuesday 3 December
Workshop: Thursday 5 December
Final draft due: Thursday 12/12 (the day of th.
Spring
2015
–
MAT
137
–Luedeker
Name:
________________________________
Quiz
#1
–
Introduction
to
Sigma
Notation
Directions:
Please
print
out
this
assignment
or
rewrite
the
problems
on
another
sheet
of
paper.
Write
the
final
answer
as
an
integer
or
an
improper
fraction.
You
must
show
all
work
to
receive
credit.
This
assignment
is
due
Wednesday
January
14
at
the
start
of
class.
The
notation
𝑓(𝑛)
!
!!!
is
called
Sigma
Notation.
The
symbol
Σ
means
sum
a
sequence
of
numbers.
The
first
number
in
the
sequence
is
𝑓 𝑎 ,
the
second
number
in
the
sequence
is
𝑓 𝑎 + 1 ,
the
third
number
in
the
sequence
is 𝑓 𝑎 + 2
etc.
,
and
the
last
number
in
the
sequence
is
𝑓(𝑚).
Here
are
two
examples:
𝑛 = 2 + 3 + 4 + 5 + 6 + 7 = 27
!
!!!
𝑛! + 1 =
!
!!!
3! + 1 + 4! + 1 + 5! + 1 + 6! + 1 = 10 + 17 + 26 + 37 = 90
Problems:
Simplify.
Write
your
answer
as
an
integer
or
improper
fraction.
Show
all
work.
1. 𝑛
!"
!!!
2.
1
2!
!
!!!
3.
1
𝑛
!
!!!
4. (−1)!
!
!!!
1
𝑛
5.
1
𝑛!
!
!!!
Spring
2015
–
MAT
137
–Luedeker
Name:
________________________________
Quiz
#2
–
Numerical
Integration
Directions:
Please
print
out
this
assignment
or
rewrite
the
problems
on
another
sheet
of
paper.
Write
the
final
answer
as
a
decimal
rounded
to
three
decimal
places.
You
must
show
all
work
to
receive
credit.
This
assignment
is
due
Friday
January
16
at
the
start
of
class.
Consider
the
definite
integral
𝑒!
!
𝑑𝑥!! .
Use
n
=
4
and
the
following
methods
to
estimate
the
value
of
the
definite
integral.
1. Left
Rule
2. Right
Rule
3. Midpoint
Rule
4. Trapezoid
Rule
5. Simpson’s
Rule
Spring
2015
–
MAT
137
–Luedeker
Name:
________________________________
Quiz
#3
Directions:
Please
print
out
this
assignment
or
rewrite
the
problems
on
another
sheet
of
paper.
You
must
show
all
work
to
receive
credit.
This
assignment
Springdale Shopping SurveyThe major shopping areas in the com.docxrafbolet0
Springdale Shopping Survey*
The major shopping areas in the community of Springdale include Springdale Mall, West Mall, and the downtown area on Main Street. A telephone survey has been conducted to identify strengths and weaknesses of these areas and to find out how they fit into the shopping activities of local residents. The 150 respondents were also asked to provide information about themselves and their shopping habits. The data are provided in the file SHOPPING. The variables in the survey were as follows:
A. How Often Respondent Shops at Each Area (Variables 1–3)
1. Springdale Mall
2. Downtown
3. West Mall
6 or more times/wk.
(1)
(1)
(1)
4–5 times/wk.
(2)
(2)
(2)
2–3 times/wk.
(3)
(3)
(3)
1 time/wk.
(4)
(4)
(4)
2–4 times/mo.
(5)
(5)
(5)
0–1 times/mo.
(6)
(6)
(6)
B. How Much the Respondent Spends during a Trip to Each Area (Variables 4–6)
4. Springdale Mall
5. Downtown
6. West Mall
$200 or more
(1)
(1)
(1)
$150–under $200
(2)
(2)
(2)
$100–under $150
(3)
(3)
(3)
$ 50–under $100
(4)
(4)
(4)
$ 25–under $50
(5)
(5)
(5)
$ 15–under $25
(6)
(6)
(6)
less than $15
(7)
(7)
(7)
C. General Attitude toward Each Shopping Area (Variables 7–9)
7. Springdale Mall
8. Downtown
9. West Mall
Like very much
(5)
(5)
(5)
Like
(4)
(4)
(4)
Neutral
(3)
(3)
(3)
Dislike
(2)
(2)
(2)
Dislike very much
(1)
(1)
(1)
D. Which Shopping Area Best Fits Each Description (Variables 10–17)
Springdale
Mall
Downtown
West
Mall
No
Opinion
10. Easy to return/exchange goods
(1)
(2)
(3)
(4)
11. High quality of goods
(1)
(2)
(3)
(4)
12. Low prices
(1)
(2)
(3)
(4)
13. Good variety of sizes/styles
(1)
(2)
(3)
(4)
14. Sales staff helpful/friendly
(1)
(2)
(3)
(4)
15. Convenient shopping hours
(1)
(2)
(3)
(4)
16. Clean stores and surroundings
(1)
(2)
(3)
(4)
17. A lot of bargain sales
(1)
(2)
(3)
(4)
E. Importance of Each Item in Respondent’s Choice of a Shopping Area (Variables 18–25)
Not Very
Important Important
F. Information about the Respondent (Variables 26–30)
(
18.
Easy
to
return/exchange
goods
(1)
(2)
(3)
(4)
(5)
(6)
(7)
19.
High
quality
of
goods
(1)
(2)
(3)
(4)
(5)
(6)
(7)
20.
Low
prices
(1)
(2)
(3)
(4)
(5)
(6)
(7)
21.
Good
variety
of
sizes/styles
(1)
(2)
(3)
(4)
(5)
(6)
(7)
22.
Sales
staff
helpful/friendly
(1)
(2)
(3)
(4)
(5)
(6)
(7)
23.
Convenient
shopping
hours
(1)
(2)
(3)
(4)
(5)
(6)
(7)
24.
Clean
stores
and
surroundings
(1)
(2)
(3)
(4)
(5)
(6)
(7)
25.
A
lot
of
bargain
sales
(1)
(2)
(3)
(4)
(5)
(6)
(7)
t
)26. Gender: (1) = Male (2) = Female
27. Number of years of school completed:
(1) = less than 8 years (3) = 12–under 16 years
(2) = 8–under 12 years (4) = 16 years or more
28. Marital status: (1) = Married (2) = Single or other
29. Number of people in household: pe.
Springfield assignment InstructionFrom the given information, yo.docxrafbolet0
Springfield assignment Instruction
From the given information, you are required to make a functional network. In Springfield we have a router and four switches connected as daisy chain topology. Then we have output of show commands. It is obvious that it is a non-functional network and you have to implement a solution to make functional.
Task in Springfield assignment
· From the show output commands, you can identify the problems and then provide solution.
· Configure all the tasks as in Springfield assignment as per instructions
· Create Server VLAN, Instructional VLAN, and Administrative VLAN
· Configure Access method of VLANs
· Configure Switch 1 as root bridge
· Configure trunking on all switches
· Configure default gateway
· Create and configure interface VLAN1
First of all, allow me to thank you for your email of offer dated September 2, 2015. I am writing to inform you of my acceptance to your kind offer and in my class CMIT 350/6380. This class has one technical writing assignment broken into three parts: Draft1, Draft2, and Draft3. I do not have any sample assignment, however I am reviewing student’s draft version and providing feedback. To help you in this regard I am submitting you below outline pf paper.
In the beginning please give brief descriptions of the project, such as why are you doing, what are the problems, and possible solutions.
Background information:
Springfield site network is assigned to me to investigate the problems and find the solutions to fix the problem. From the site topology and sh output commands I determined that spanning-tree protocol is misconfigured and it is blocking few ports. And these are the reasons that network is a non-functional.
Implementing
Solution
:
The following are required information for configuring the network
IP address range 10.30.x.x/16
Device to be configured
Configuring commands
Device Names
Configuration Required
Configuring command
Switch#1
All devices
Host name
Hostname Switch_Springfield1
Switch#2
Host name
Hostname Switch_Springfield2
Switch1
All devices
Create console password
Create vty password
Only on Switch1
Create VLANs
Access vlan
Interface fa0/0
Switchport mode adccess
Switchport access vlan 11
Switch1
All Switches
Create trunk connections between switches
Int gi0/0
Switchport mode trunk
Switchport trunk encapsulation dot1q
Switchport trunk allowed native vlan 1
Router
Configure ip address
Int fa0/0
Ip address 10.30.1.1 255.255.255.0
Switch1
Configure default gateway
Ip default-gateway 10.30.1.1 255.255.255.0
Switches
Configure spanning-tree protocol
Spanning-tree RPVST
Switch1
Make Swich 1 as root bridge of network
Configurations
Rough Draft
This paper will focus on the four main theoretical perspectives within sociology which include conflict, functionalism, utilitarianism and symbolic interactionism with the attempt to explain why groups of people choose to perform certain actions and how societies function or change in a certain way.
Socio.
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Dr. Vinod Kumar Kanvaria
Exploiting Artificial Intelligence for Empowering Researchers and Faculty,
International FDP on Fundamentals of Research in Social Sciences
at Integral University, Lucknow, 06.06.2024
By Dr. Vinod Kumar Kanvaria
Walmart Business+ and Spark Good for Nonprofits.pdfTechSoup
"Learn about all the ways Walmart supports nonprofit organizations.
You will hear from Liz Willett, the Head of Nonprofits, and hear about what Walmart is doing to help nonprofits, including Walmart Business and Spark Good. Walmart Business+ is a new offer for nonprofits that offers discounts and also streamlines nonprofits order and expense tracking, saving time and money.
The webinar may also give some examples on how nonprofits can best leverage Walmart Business+.
The event will cover the following::
Walmart Business + (https://business.walmart.com/plus) is a new shopping experience for nonprofits, schools, and local business customers that connects an exclusive online shopping experience to stores. Benefits include free delivery and shipping, a 'Spend Analytics” feature, special discounts, deals and tax-exempt shopping.
Special TechSoup offer for a free 180 days membership, and up to $150 in discounts on eligible orders.
Spark Good (walmart.com/sparkgood) is a charitable platform that enables nonprofits to receive donations directly from customers and associates.
Answers about how you can do more with Walmart!"
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPRAHUL
This Dissertation explores the particular circumstances of Mirzapur, a region located in the
core of India. Mirzapur, with its varied terrains and abundant biodiversity, offers an optimal
environment for investigating the changes in vegetation cover dynamics. Our study utilizes
advanced technologies such as GIS (Geographic Information Systems) and Remote sensing to
analyze the transformations that have taken place over the course of a decade.
The complex relationship between human activities and the environment has been the focus
of extensive research and worry. As the global community grapples with swift urbanization,
population expansion, and economic progress, the effects on natural ecosystems are becoming
more evident. A crucial element of this impact is the alteration of vegetation cover, which plays a
significant role in maintaining the ecological equilibrium of our planet.Land serves as the foundation for all human activities and provides the necessary materials for
these activities. As the most crucial natural resource, its utilization by humans results in different
'Land uses,' which are determined by both human activities and the physical characteristics of the
land.
The utilization of land is impacted by human needs and environmental factors. In countries
like India, rapid population growth and the emphasis on extensive resource exploitation can lead
to significant land degradation, adversely affecting the region's land cover.
Therefore, human intervention has significantly influenced land use patterns over many
centuries, evolving its structure over time and space. In the present era, these changes have
accelerated due to factors such as agriculture and urbanization. Information regarding land use and
cover is essential for various planning and management tasks related to the Earth's surface,
providing crucial environmental data for scientific, resource management, policy purposes, and
diverse human activities.
Accurate understanding of land use and cover is imperative for the development planning
of any area. Consequently, a wide range of professionals, including earth system scientists, land
and water managers, and urban planners, are interested in obtaining data on land use and cover
changes, conversion trends, and other related patterns. The spatial dimensions of land use and
cover support policymakers and scientists in making well-informed decisions, as alterations in
these patterns indicate shifts in economic and social conditions. Monitoring such changes with the
help of Advanced technologies like Remote Sensing and Geographic Information Systems is
crucial for coordinated efforts across different administrative levels. Advanced technologies like
Remote Sensing and Geographic Information Systems
9
Changes in vegetation cover refer to variations in the distribution, composition, and overall
structure of plant communities across different temporal and spatial scales. These changes can
occur natural.
Main Java[All of the Base Concepts}.docxadhitya5119
This is part 1 of my Java Learning Journey. This Contains Custom methods, classes, constructors, packages, multithreading , try- catch block, finally block and more.
How to Add Chatter in the odoo 17 ERP ModuleCeline George
In Odoo, the chatter is like a chat tool that helps you work together on records. You can leave notes and track things, making it easier to talk with your team and partners. Inside chatter, all communication history, activity, and changes will be displayed.
The simplified electron and muon model, Oscillating Spacetime: The Foundation...RitikBhardwaj56
Discover the Simplified Electron and Muon Model: A New Wave-Based Approach to Understanding Particles delves into a groundbreaking theory that presents electrons and muons as rotating soliton waves within oscillating spacetime. Geared towards students, researchers, and science buffs, this book breaks down complex ideas into simple explanations. It covers topics such as electron waves, temporal dynamics, and the implications of this model on particle physics. With clear illustrations and easy-to-follow explanations, readers will gain a new outlook on the universe's fundamental nature.
This presentation was provided by Steph Pollock of The American Psychological Association’s Journals Program, and Damita Snow, of The American Society of Civil Engineers (ASCE), for the initial session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session One: 'Setting Expectations: a DEIA Primer,' was held June 6, 2024.
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...PECB
Denis is a dynamic and results-driven Chief Information Officer (CIO) with a distinguished career spanning information systems analysis and technical project management. With a proven track record of spearheading the design and delivery of cutting-edge Information Management solutions, he has consistently elevated business operations, streamlined reporting functions, and maximized process efficiency.
Certified as an ISO/IEC 27001: Information Security Management Systems (ISMS) Lead Implementer, Data Protection Officer, and Cyber Risks Analyst, Denis brings a heightened focus on data security, privacy, and cyber resilience to every endeavor.
His expertise extends across a diverse spectrum of reporting, database, and web development applications, underpinned by an exceptional grasp of data storage and virtualization technologies. His proficiency in application testing, database administration, and data cleansing ensures seamless execution of complex projects.
What sets Denis apart is his comprehensive understanding of Business and Systems Analysis technologies, honed through involvement in all phases of the Software Development Lifecycle (SDLC). From meticulous requirements gathering to precise analysis, innovative design, rigorous development, thorough testing, and successful implementation, he has consistently delivered exceptional results.
Throughout his career, he has taken on multifaceted roles, from leading technical project management teams to owning solutions that drive operational excellence. His conscientious and proactive approach is unwavering, whether he is working independently or collaboratively within a team. His ability to connect with colleagues on a personal level underscores his commitment to fostering a harmonious and productive workplace environment.
Date: May 29, 2024
Tags: Information Security, ISO/IEC 27001, ISO/IEC 42001, Artificial Intelligence, GDPR
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
General Data Protection Regulation (GDPR) - Training Courses - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
हिंदी वर्णमाला पीपीटी, hindi alphabet PPT presentation, hindi varnamala PPT, Hindi Varnamala pdf, हिंदी स्वर, हिंदी व्यंजन, sikhiye hindi varnmala, dr. mulla adam ali, hindi language and literature, hindi alphabet with drawing, hindi alphabet pdf, hindi varnamala for childrens, hindi language, hindi varnamala practice for kids, https://www.drmullaadamali.com
it describes the bony anatomy including the femoral head , acetabulum, labrum . also discusses the capsule , ligaments . muscle that act on the hip joint and the range of motion are outlined. factors affecting hip joint stability and weight transmission through the joint are summarized.
Strategies for Effective Upskilling is a presentation by Chinwendu Peace in a Your Skill Boost Masterclass organisation by the Excellence Foundation for South Sudan on 08th and 09th June 2024 from 1 PM to 3 PM on each day.
Special Publication 500-293 (Draft) US Government Cloud Computin.docx
1. Special Publication 500-293 (Draft)
US Government Cloud Computing Technology Roadmap
Volume II Release 1.0 (Draft)
Useful Information for Cloud Adopters
Lee Badger, Robert Bohn, Shilong Chu, Mike Hogan, Fang Liu,
Viktor Kaufmann, Jian Mao, John Messina, Kevin Mills, Annie
Sokol, Jin Tong, Fred Whiteside and Dawn Leaf
NIST Cloud Computing Program Information Technology
Laboratory
This page left intentionally blank
NIST Special Publication 500-293 (Draft)
US Government Cloud Computing Technology Roadmap
Volume II Release 1.0 (Draft)
Useful Information for Cloud Adopters
Lee Badger, Robert Bohn, Shilong Chu, Mike Hogan, Fang Liu,
Viktor Kaufmann, Jian Mao, John Messina, Kevin Mills, Annie
Sokol, Jin Tong, Fred Whiteside and Dawn Leaf
Information Technology Laboratory
Cloud Computing Program Information Technology Laboratory
National Institute of Standards and Technology Gaithersburg,
MD 20899
November 2011
U.S. Department of Commerce
John E. Bryson, Secretary
National Institute of Standards and Technology
Patrick D. Gallagher, Under Secretary for Standards and
Technology and Director
NIST SP 500-293 NIST US Government Cloud Computing
Technology Roadmap, Release 1.0 (Draft)
NIST US Government Cloud Computing Technology Roadmap,
Volume II, Release 1.0 (Draft) November 2011
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National
Institute of Standards and Technology (NIST) promotes the U.S.
2. economy and public welfare by providing technical leadership
for the nation’s measurement and standards infrastructure. ITL
develops tests, test methods, reference data, proof of concept
implementations, and technical analysis to advance the
development and productive use of information technology.
This Special Publication 500-series reports on ITL’s research,
guidance, and outreach efforts in Information Technology and
its collaborative activities with industry, government, and
academic organizations.
National Institute of Standards and Technology Special
Publication 500-293 (Draft) Natl. Inst. Stand. Technol. Spec.
Publ. 500-293, 85 pages (November 2011)
Certain commercial entities, equipment, or materials may be
identified in this document in order to describe an experimental
procedure or concept adequately. Such identification is not
intended to imply recommendation or endorsement by the
National Institute of Standards and Technology, nor is it
intended to imply that the entities, materials, or equipment are
necessarily the best available for the purpose.
NIST US Government Cloud Computing Technology Roadmap,
Volume II, Release 1.0 (Draft) November 2011
Acknowledgments
The authors, Shilong Chu, Fang Liu, Viktor Kaufmann, Jian
Mao, and Jin Tong, of Knowcean Consulting Incorporated
(under contract through the Federal Integrated Product Team,
Space & Naval Warfare (SPAWAR) Systems Center Atlantic,
Lee Badger, Robert Bohn, Mike Hogan, John Messina, Kevin
Mills, Annie Sokol, Fred Whiteside and Dawn Leaf of the
National Institute of Standards and Technology (NIST),
gratefully acknowledge and appreciate the broad contributions
from members of the NIST Cloud Computing US Government
Target Business Use Case, Reference Architecture and
Taxonomy, Standards Acceleration to Jumpstart the Adoption of
Cloud Computing (SAJACC), Security, and Standards Roadmap
3. Working Groups.
We especially acknowledge Carolyn French, Romayne Hines,
Michaela Iorga, Elizabeth Lennon, and Peter Mell of NIST for
providing technical input and detailed editorial support.
Appendix A presents an extended list of contributors that
participated and contributed to NIST public working groups.
Appendix B lists references that were consulted in the
development of this document. Additional acknowledgments
will be added upon the final publication of this guideline.
NIST US Government Cloud Computing Technology Roadmap,
Volume II, Release 1.0 (Draft) November 2011
NIST US Government Cloud Computing Technology Roadmap,
Volume II, Release 1.0 (Draft) November 2011
Table of Contents
Executive Summary
...............................................................................................
..................................... 11
1
2
Introduction
...............................................................................................
......................................... 13
1. 1.1 NIST Cloud Computing Program Background
........................................................................... 13
2. 1.2 NIST Cloud Computing Program
Vision....................................................................................
13
3. 1.3 Intended Audience and Use
.......................................................................................... .....
......... 14
4. 1.4 Document Organization
...............................................................................................
............... 14
NIST Cloud Computing Definition and Reference Architecture
....................................................... 16
1. 2.1 Revisiting the
4. Definition...............................................................................
..............................16
2. 2.2 NIST Cloud Computing Reference
Architecture........................................................................18
1. 2.2.1 Conceptual Model
...............................................................................................
.................. 19
2. 2.2.2 Cloud Computing Actors
...............................................................................................
....... 19
3. 2.2.3 Architecture
Components............................................................................
.......................... 23
2.3 NIST Cloud Computing
Taxonomy...............................................................................
............. 24 Cloud Computing Use Cases and
Requirements..........................................................................
...... 26 3.1 Target Business Use Case and High-Level
Requirements..........................................................26
1. 3.1.1 Business Use Case
Template.................................................................................
................ 28
2. 3.1.2 Business Use Case
Summaries..............................................................................
................ 28
3. 3.1.3 Business Use Case
Analysis..................................................................................
................ 31
3.2 SAJACC Use Cases and Technical
Requirements...................................................................... 44
Cloud Computing Standards and Gap Analysis
................................................................................. 46
1. 4.1 Cloud Computing Standards
...............................................................................................
........ 46
2. 4.2 Cloud Computing Standards Gaps and USG
5. Priorities............................................................... 47
3. 4.3 Accelerating the Development and the Use of Cloud
Computing Standards ............................. 48
High-Priority Security
Requirements..........................................................................
.......................49 5.1 Understanding Security in the Cloud
Context ............................................................................ 50
1. 5.1.1 Cloud Service Model
Perspectives............................................................................
............ 50
2. 5.1.2 Implications of Cloud Deployment Models
.......................................................................... 50
3. 5.1.3 Shared Security Responsibilities
...........................................................................................
50
4. 5.1.4 Developing Security Architecture for Cloud Systems
.......................................................... 51
3
4
5
NIST US Government Cloud Computing Technology Roadmap,
Volume II, Release 1.0 (Draft) November 2011
6
7
2. 5.2 Challenging Security Requirements and Risk Mitigations
......................................................... 51
3. 5.3 Process-Oriented
Requirements..........................................................................
........................52
1. 5.3.1 Application of NIST SP 800-53-style Controls and
Compliance ......................................... 52
2. 5.3.2 Cloud Audit Assurance and Log Sensitivity
Management ................................................... 53
3. 5.3.3 Cloud Certification and Accreditation Guidelines
................................................................ 56
4. 5.3.4 Clear eDiscovery
6. Guidelines...............................................................................
.................. 56
5. 5.3.5 Cloud Privacy
Guidelines...............................................................................
....................... 57
6. 5.3.6 Clarified Security Control Roles and
Responsibilities..........................................................59
7. 5.3.7 Trustworthiness of Cloud Operators
..................................................................................... 59
8. 5.3.8 Business Continuity and Disaster Recovery
......................................................................... 60
5.4 Focused Technical Requirements
...............................................................................................
61
1. 5.4.1 Technical Continuous Monitoring Capabilities
.................................................................... 62
2. 5.4.2 Visibility for Customers
...............................................................................................
......... 63
3. 5.4.3 Control for Customers
...............................................................................................
............ 63
4. 5.4.4 Data Protection
Concerns.................................................................................
..................... 65
5. 5.4.5 Risk of Account Compromise
...............................................................................................
66
6. 5.4.6 Identity and Access Management (IAM) and
Authorization ................................................ 67
7. 5.4.7 Multi-tenancy Risks and Concerns
....................................................................................... 69
8. 5.4.8 Cloud-Based Denial of Service
.............................................................................................
70
9. 5.4.9 Incident Response
7. ...............................................................................................
.................. 71
Other Related Work
...............................................................................................
............................ 72 6.1 Cloud Data Issues
...............................................................................................
........................ 72
1. 6.1.1 Operational Data
Functions................................................................................
................... 72
2. 6.1.2 Informational Data and Data Services
.................................................................................. 74
2. 6.2 Service-Level Agreement Taxonomy
......................................................................................... 75
3. 6.3 Reliability Research in Cloud-based Complex Systems
............................................................. 77
Summary and Next Steps
...............................................................................................
.................... 78
Appendix A. USG Federal Cloud Computing Standards Working
Group Members and Interagency, Academic, Standards
Organizations, and Industry Contributors
................................................................ 79
Appendix B. Useful References
...............................................................................................
.............. 83
NIST US Government Cloud Computing Technology Roadmap,
Volume II, Release 1.0 (Draft) November 2011
NIST US Government Cloud Computing Technology Roadmap,
Release 1.0 (Draft) November 2011
Executive Summary
The first release of the Special Publication 500-293, United
States Government USG Cloud Computing Technology
Roadmap document consists of two volumes. Consistent with
the NIST Cloud Computing program strategy, the roadmap
focuses on both strategic and tactical objectives related to cloud
8. computing.
Volume I, High-Priority Requirements to Further USG Cloud
Computing Adoption, frames the discussion and introduces the
roadmap in terms of summarized strategic requirements that
must be met for USG agencies to further cloud adoption. The
roadmap strategic elements can be characterized as “high-
priority technical areas” which are enablers for cloud computing
in both the short and long term.
Volume II, Useful Information for Cloud Adopters, provides
information for those actively working on strategic and tactical
cloud computing initiatives, including but not limited to,
government cloud adopters.
This volume presents a summary of the work completed from
November 2010 through September 2011 through the NIST
Cloud Computing program and collaborative effort to develop a
USG Cloud Computing Technology Roadmap.
This document presents a representative sample of the work that
was completed and documented through this effort. Additional
working documents, special publications, meeting and other
collaboration artifacts can be found on the NIST Cloud
Computing Web site http://www.nist.gov/itl/cloud/index.cfm.
Volume II:
Introduces a conceptual model, the NIST Cloud Computing
Reference Architecture and Taxonomy;
Presents USG target business use cases and technical use
cases in the cloud;
Identifies existing interoperability, portability, and security
standards that are applicable to the cloud
computing model and specifies high-priority gaps for which new
or revised standards, guidance, and
technology need to be developed;
Discusses security challenges in the context of cloud
computing adoption, high-priority security
requirements, and current and future risk mitigation measures
requirements; and
Provides insight into the rationale for the list of candidate
9. Priority Action Plans (PAPs) recommended
for voluntary self-tasking by government and private sector
organizations, listed in Volume I.
The document presents a subset of the analysis that drove the
rationale for the requirements introduced in Volume I of this
NIST Special Publication, titled High-Priority Requirements to
Further USG Agency Cloud Computing Adoption.
The following Figure 1 shows the relationship between the
high-priority requirements in Volume I and the key NIST-led
activities and contributing sources that are summarized here in
Volume II.
Page 11
NIST US Government Cloud Computing Technology Roadmap,
Release 1.0 (Draft) November 2011
Requirement 1: International voluntary consensus based
interoperability, portability and security standards
X
X
X
Requirement 2:
Solution
s for high priority security requirements
X
X
X
10. X
X
Requirement3: Technical specifications for high quality service
level agreements
X
X
X
Requirement4: Clear& consistently categorized cloud services
X
Requirement 5: Frameworks to support federated community
clouds
X
11. X
X
Requirement6: Technical security solutions de-coupled from
organizational policy
X
Requirement 7: Defined unique government requirements and
solutions
X
X
X
Requirement8: Collaborative parallel “future cloud”
development initiatives
12. X
Requirement 9: Defined & implemented reliability design goals
X
X
X
X
Requirement 10: Defined & implemented cloud service metrics
X
X
X
X
Figure 1: Relationship between Volume I Requirements and
Work Presented in Volume II
Page 12
13. Cloud Computing Standards Roadmap Working Group
Cloud Computing Reference Architecture and Taxonomy
Working Group
Cloud Computing Security Working Group
Cloud Computing Target USG Business Use Cases Working
Group
Standards Acceleration to Jumpstart the Adoption of Cloud
Computing
NIST Speciali Publications: 800-125 Security for Virtualization,
800-144 Guidelines for Security
and Privacy in Cloud Computing, 800-146 Cloud Computing
Synopsis and Recommendations
NIST Complex Information System Measurement Project:
Koala, IaaS Computing Simulation
Model
NIST US Government Cloud Computing Technology Roadmap,
Release 1.0 (Draft) November 2011
1 Introduction
1.1 NIST Cloud Computing Program Background
The National Institute of Standards and Technology plays a
technology leadership role in accelerating the federal
government’s secure adoption of cloud computing. In this role,
NIST, in close consultation and collaboration with standards
bodies, the private sector, and other stakeholders, is leading the
efforts to develop the necessary standards and guidelines that
14. will facilitate the secure, rapid adoption of cloud computing.
The NIST Cloud Computing Program was formally launched in
November 2010, and supports the US federal government effort
to incorporate cloud computing, where appropriate, as a
replacement for, or enhancement of, the traditional information
systems and application models. The NIST Cloud Computing
Program operates in coordination with other federal cloud
computing efforts and is integrated within the Federal Cloud
Computing Strategy.1
For more information regarding the program’s scope and
objectives, the reader is referred to Volume I of this NIST
Special Publication 500-293: High-Priority Requirements to
Further USG Agency Cloud Computing Adoption.
In order to leverage the expertise of the broad cloud computing
stakeholder community, NIST has established the following
Public Working Groups:
Cloud Computing Reference Architecture and Taxonomy
Working Group
Cloud Computing Target Business Use Cases Working
Group
Cloud Computing SAJACC Technical Use Cases Working
Group
Cloud Computing Standards Roadmap Working Group
Cloud Computing Security Working Group
The groups are listed in the same sequence that their respective
15. subject matter is presented in this
document. The order does not imply priority or chronological
sequencing.
1.2 NIST Cloud Computing Program Vision
NIST seeks to provide thought leadership and guidance around
the cloud computing model to catalyze its use within industry
and government, and to shorten the adoption cycle, which will
enable near-term cost savings and increased ability to quickly
create and deploy safe and secure enterprise solutions.
Additionally, NIST is committed to fostering cloud computing
practices that support interoperability, portability, and security
requirements that are appropriate and achievable for various
usage scenarios, by focusing on the necessary standards,
specifications, and guidance that must be in place for these
requirements to be met.
The first release of the USG Cloud Computing Technology
Roadmap is presented as a two-volume NIST Special
Publication 500-293 document. The process and document
together are the mechanism used to define and communicate the
high-priority USG interoperability, portability, and security
requirements for cloud computing, and to identify the necessary
associated standards, guidance, and technology.
1 Office of Management and Budget, U.S. Chief Information
Officer, Federal Cloud Computing Strategy, Feb. 8, 2011.
Online: www.cio.gov/documents/Federal-Cloud-Computing-
16. Strategy.pdf.
Page 13
NIST US Government Cloud Computing Technology Roadmap,
Release 1.0 (Draft) November 2011
This document, Volume II of the Special Publication, focuses
on work that helped to identify the USG high-priority
interoperability, portability, and security requirements which
are introduced in Volume I and summarizes work in the
following areas:
Introduction of an overall cloud computing conceptual
model in the form of the NIST Cloud Computing Reference
Architecture and Taxonomy. This technical reference can be
used to understand, discuss, categorize, and compare different
cloud service offerings, and to facilitate the communication and
analysis of the security, interoperability, and portability
candidate standards and reference implementations.
Presentation of a template and an initial set of USG target
business and technical use cases that describe how government
agencies seek to use cloud computing, and presentation of key,
specific technical requirements that surfaced through these use
cases.
Identification of existing interoperability, portability, and
security standards and guidance that are applicable to the cloud
computing model, and identification of high-priority gaps for
which new or revised standards, guidance, and technology need
17. to be developed.
Identification of the high-priority security requirements that
challenge the adoption of cloud computing and presentation of
proposed mitigation strategies.
Discussion of considerations and activities related to cloud
Service-Level Agreements (SLAs).
1.3 Intended Audience and Use
This publication is intended for a diverse audience:
1.4
US Policy Makers, US Federal CIO Council, and those with
identified key roles identified in the Federal Cloud Computing
Strategy – as a technology-oriented reference to inform policy
and planning.
USG Agencies – as a useful tool in the context of the USG
Federal Cloud Computing Strategy risk-based management
decision framework.
Cloud Computing Stakeholders (Academia, Government,
Industry, Standards Developing Organizations) – as a
consolidated presentation of USG cloud computing technology
perspectives and work, including a unifying cloud computing
reference model, a set of documented technical requirements,
and a list of identified gaps in standards, guidance, and
technology.
18. Document Organization
Consistent with the NIST Cloud Computing program strategy,
the roadmap focuses on both strategic and tactical objectives
related to cloud computing. The strategic roadmap elements can
be characterized as “high-priority technical areas” which are
enablers for cloud computing in both the short and long term.
The tactical work not only supports strategic goals, but is
intended to support cloud adopters in the interim deployment
period as the cloud computing model is maturing.
This initial release of the roadmap special publication consists
of two volumes.
Volume I is aimed at interested parties who wish to gain a
general understanding and overview of the background,
purpose, context, work, results, and next steps of the USG
Cloud Computing Technology Roadmap initiative. Volume I
reflects the collective inputs of USG agencies through the
Federal CIO Council-sponsored Cloud Computing Standards and
Technology Working Group.
Page 14
NIST US Government Cloud Computing Technology Roadmap,
Release 1.0 (Draft) November 2011
Volume I, High-Priority Requirements to Further USG Cloud
Computing Adoption, frames the discussion and introduces the
roadmap in terms of:
Prioritized strategic and tactical requirements that must be
19. met for USG agencies to further cloud adoption;
Interoperability, portability, and security standards,
guidelines, and technology that must be in place to satisfy these
requirements; and
Recommended list of Priority Action Plans (PAPs) as
candidates for development and implementation, through
voluntary self-tasking by the cloud computing stakeholder
community, to support standards, guidelines, and technology
development.
This volume, Volume II, Useful Information for Cloud
Adopters, is designed to be useful at the tactical level to those
actively working on cloud computing initiatives, including but
not limited to, US government cloud adopters. Volume II
summarizes the work completed to date, explains the assessment
findings based on this work, and highlights how these findings
support the key requirements in the roadmap introduced in
Volume I.
The Executive Summary of this volume includes a chart that
shows the correlation between the set of high-priority USG
requirements presented in Volume I, and the NIST projects and
public working group efforts and findings summarized in
Volume II.
The remainder of Volume II is organized into the following
sections: Section 2 presents the NIST cloud computing
definition and reference architecture. Section 3 presents USG
20. cloud computing requirements through business use cases and
technical use cases. Section 4 summarizes cloud computing
technology standards and gap analysis. Section 5 discusses
cloud computing security and presents a list of security
impediments and corresponding mitigations.
A third volume, Technical Considerations for USG Cloud
Computing Deployment Decisions, is under development, and in
keeping with the NIST transparent and collaborative process, is
currently available as a working document. Volume III is being
developed as an interagency project through the Federal Cloud
Computing Standards and Technology Working Group, and will
leverage the NIST-led cloud computing program public working
group process. Volume III is intended to serve as a guide for
decision makers who are planning and implementing cloud
computing solutions by explaining how the technical work and
resources in Volume II can be applied, consistent with the
Federal Cloud Computing Strategy “Decision Framework for
Cloud Migration.” The current version of the working document
defines and proposes a methodology for defining a
representative sample of common cloud computing planning and
deployment scenarios, presents the initial candidate set of 12,
presents a process for applying the technical work, and proof-
of-concept examples of how this can be accomplished. Volume
III was initiated in parallel, but is logically dependent on the
technical work contained in Volume II, and will necessarily be
21. completed and presented as part of the roadmap special
publication in a subsequent release.
The Volume I and Volume II draft special publications, as well
as the working document under development as Volume III, are
publically available through the NIST ITL Cloud Computing
Web site, as are all of the NIST Cloud Computing special
publications and work-in-progress documents,
http://www.nist.gov/itl/cloud/index.cfm.
Page 15
NIST US Government Cloud Computing Technology Roadmap,
Release 1.0 (Draft) November 2011
2 NIST Cloud Computing Definition and Reference Architecture
Cloud computing is an emerging computing model which has
evolved as a result of the maturity of underlying prerequisite
technologies. There are differences in perspective as to when a
set of underlying
technologies becomes a “cloud” model. In order to categorize
cloud computing services, and to expect some level of
consistent characteristics to be associated with the services,
cloud adopters need a consistent frame of reference. The NIST
Cloud Computing Reference Architecture and Taxonomy
document defines a standard reference architecture and
taxonomy that provide the USG agencies with a common and
consistent frame of reference for comparing cloud services from
different service providers when selecting and deploying cloud
22. services to support their mission requirements. At a certain
level of abstraction, a cloud adopter does not need to repeatedly
interpret the technical representation of cloud services available
from different vendors. Rather the use of a common reference
architecture by the cloud service providers can be an efficient
tool that ensures consistent categorization of the services
offered.
2.1 Revisiting the Definition
This document uses the NIST SP 800-145, The NIST Cloud
Computing Definition, to explain characteristics of cloud
computing. For the convenience of the reader, the following is
excerpted from NIST SP 800-145:
Cloud computing is a model for enabling convenient, on-
demand network access to a shared pool of configurable
computing resources (e.g., networks, servers, storage,
applications, and services) that can be rapidly provisioned and
released with minimal management effort or service provider
interaction.
This definition lists five essential characteristics that are
common among all cloud computing services:
On-demand self-service: A consumer can unilaterally provision
computing capabilities, such as server time and network
storage, as needed
automatically without requiring human interaction with each
service’s provider.
23. Highlights: The NIST cloud computing definition identifies
three distinct service models, i.e., Software as a Service,
Platform as a Service, and Infrastructure as a Service.
In late 2010, the NIST Cloud Computing Reference Architecture
project team surveyed and completed an analysis of existing
cloud computing reference models, and developed a vendor-
neutral reference architecture which extends the NIST cloud
computing definition.
This effort leveraged a collaborative process through the NIST
Cloud Computing Reference Architecture and Taxonomy
working group. Through a discussion and validation process, the
NIST cloud computing reference architecture project team and
working group analyzed the intricacies of different types of
cloud services and confirmed the need for “Clear and
Consistently Categorized Cloud Services” - NIST USG Cloud
Computing Technology Roadmap Volume I, Requirement 4.
The NIST cloud computing definition and reference architecture
provide a technical basis for discussing “Frameworks to support
federated community clouds” - Volume I, Requirement 5.
The companion NIST cloud computing taxonomy effort has also
identified the need for: “Technical specification for high-quality
service-level agreements” – Volume I, Requirement 3, and
“defined and implemented cloud service metrics” – Volume I,
Requirement 10.
See NIST Special Publication 800-145, The NIST Definition of
24. Cloud Computing, and NIST Special Publication 500-292, NIST
Cloud Computing Reference Architecture.
Page 16
NIST US Government Cloud Computing Technology Roadmap,
Release 1.0 (Draft) November 2011
Broad network access: Capabilities are available over the
network and accessed through standard mechanisms that
promote use by heterogeneous thin or thick client platforms
(e.g., mobile phones, laptops, and personal digital assistants
[PDAs]).
Resource pooling: The provider’s computing resources are
pooled to serve multiple consumers using a multi-tenant model,
with different physical and virtual resources dynamically
assigned and reassigned according to consumer demand. There
is a sense of location independence in that the subscriber
generally has no control or knowledge over the exact location of
the provided resources but may be able to specify location at a
higher level of abstraction (e.g., country, state, or data center).
Examples of resources include storage, processing, memory,
network bandwidth, and virtual machines.
Rapid elasticity: Capabilities can be rapidly and elastically
provisioned, in some cases automatically, to quickly scale out
and rapidly released to quickly scale in. To the consumer, the
capabilities available for provisioning often appear to be
unlimited and can be purchased in any quantity at any time.
25. Measured Service: Cloud systems automatically control and
optimize resource use by leveraging a metering capability at
some level of abstraction appropriate to the type of service
(e.g., storage, processing, bandwidth, and active user accounts).
Resource usage can be monitored, controlled, and reported,
providing transparency for both the provider and consumer of
the utilized service.
Service Models
Cloud Software as a Service (SaaS): The capability provided to
the consumer to use the provider’s applications running on a
cloud infrastructure. The applications are accessible from
various client devices through a thin client interface such as a
Web browser (e.g., Web-based email). The consumer does not
manage or control the underlying cloud infrastructure including
network, servers, operating systems, storage, or even individual
application capabilities, with the possible exception of limited
user-specific application configuration settings.
Cloud Platform as a Service (PaaS): The capability provided to
the consumer is to deploy onto the cloud infrastructure
consumer-created or acquired applications created using
programming languages and tools supported by the provider.
The consumer does not manage or control the underlying cloud
infrastructure including network, servers, operating systems, or
storage, but has control over the deployed applications and
possibly application hosting environment configurations.
26. Cloud Infrastructure as a Service (IaaS): The capability
provided to the consumer is to provision processing, storage,
networks, and other fundamental computing resources where the
consumer is able to deploy and run arbitrary software, which
can include operating systems and applications. The consumer
does not manage or control the underlying cloud infrastructure
but has control over the operating systems, storage, deployed
applications, and possibly limited control of select networking
components (e.g., host firewalls).
Deployment Models
Based on how exclusive the cloud infrastructure is operated and
made available to a consumer, cloud services can also be
categorized by a series of deployment models:
Private cloud: The cloud infrastructure is operated solely for an
organization. It may be managed by the organization or a third
party and may exist on-premise or off-premise.
Community cloud: The cloud infrastructure is shared by several
organizations and supports a specific community that has shared
concerns (e.g., mission, security requirements, policy, and
compliance
Page 17
NIST US Government Cloud Computing Technology Roadmap,
Release 1.0 (Draft) November 2011
considerations). It may be managed by the organizations or a
third party and may exist on-premise or off- premise.
27. Public cloud: The cloud infrastructure is made available to the
general public or a large industry group and is owned by an
organization selling cloud services.
Hybrid cloud: The cloud infrastructure is a composition of two
or more clouds (private, community, or public) that remain
unique entities but are bound together by standardized or
proprietary technology that enables data and application
portability (e.g., cloud bursting for load balancing between
clouds).
2.2 NIST Cloud Computing Reference Architecture
The NIST cloud computing reference architecture is a logical
extension to the NIST cloud computing definition. This
extension provides a common frame of reference to help USG
and other cloud computing stakeholders to:
Gain a further understanding of the technical and
operational intricacies of cloud computing;
Communicate cloud consumers’ requirements precisely;
Categorize and compare cloud services objectively; and
Analyze security, interoperability, and portability
requirements systematically in order to better
inform solution implementations.
The reference architecture describes a conceptual model
comprising abstract architectural elements and their relations or
interactions, such as
Cloud computing actors and how they interact with each
28. other in their activities;
System components and how these components are
orchestrated to deliver the computing services;
Management functionalities that are required to support the
life cycle of operations; and
Other cross-cutting aspects such as security and privacy
associated with these elements.
The reference architecture is a high-level, abstract model not
tied to any specific cloud technology or vendor product, that
focuses on the requirements of “what” cloud services provide
and not on “how to” design and implement these services.
The reference architecture also provides a companion cloud
computing taxonomy detailing the definitions and relationships
of a control vocabulary.
A cloud solution provider may use this reference architecture to
guide the development of real architectures from different
viewpoints (such as application architecture, middleware
architecture, data architecture, and network architecture), given
constraints imposed by the organization’s operational and
technical environments. The reference architecture has a direct
benefit for the cloud consumer as well. By mapping the various
cloud solution products to the architectural components defined
in the reference architecture, a cloud consumer can understand
and compare cloud service offerings and make informed
decisions. For other stakeholders, such as academia and
29. Standards Developing Organizations (SDOs), the reference
architecture can help frame issues and provide a common
baseline for research.
As described above, the NIST Cloud Computing Reference
Architecture Project Team surveyed and completed an initial
analysis of existing cloud computing reference architectures and
reference models. On this basis, the project team developed a
straw man model of architectural concepts. This effort
leveraged a collaborative process from the NIST Cloud
Computing Reference Architecture and Taxonomy Working
Group, active between November 2010 and April 2011. This
process involved broad
Page 18
NIST US Government Cloud Computing Technology Roadmap,
Release 1.0 (Draft) November 2011
participation from the industry, academic, SDOs, and private
and public sector cloud adopters. The project team iteratively
revised the reference model by incorporating comments and
feedback received from the working group. This section
summarizes version 1.0 of the reference architecture and
taxonomy.
2.2.1 Conceptual Model
Figure 2 presents the NIST cloud computing reference
architecture, which identifies the major actors, their activities,
and their functions in cloud computing. The diagram depicts a
30. generic high-level architecture and is intended to facilitate the
understanding of the requirements, uses, characteristics, and
standards of cloud computing.
Figure 2: The Conceptual Reference Model
2.2.2 Cloud Computing Actors
As shown in Figure 2, the NIST cloud computing reference
architecture defines five major actors: cloud consumer, cloud
provider, cloud carrier, cloud auditor, and cloud broker. Each
actor is an entity (a person or an organization) that participates
in a transaction or process or performs tasks in cloud
computing.
2.2.2.1 Cloud Consumer
The cloud consumer is the principal stakeholder that uses the
cloud computing services. A cloud consumer represents a
person or organization that maintains a business relationship
with, and uses the service from, a cloud provider. A cloud
consumer browses the service catalog from a cloud provider,
requests the appropriate service, sets up service contracts with
the cloud provider, and uses the service. The cloud consumer
may be billed for the service provisioned, and needs to arrange
payments accordingly.
Cloud consumers use Service-Level Agreements (SLAs) for
specifying the technical performance requirements to be
fulfilled by a cloud provider. SLAs can cover terms regarding
the quality of service, security, and remedies for performance
31. failures. A cloud provider may also list in the SLAs a set of
restrictions or limitations, and obligations that cloud consumers
must accept. In a mature market environment, a cloud consumer
can freely choose a cloud provider with better pricing and more
favorable
Page 19
NIST US Government Cloud Computing Technology Roadmap,
Release 1.0 (Draft) November 2011
terms. Typically a cloud provider’s public pricing policy and
SLAs are nonnegotiable, although a cloud consumer who
expects to have heavy usage might be able to negotiate for
better contracts.
SaaS applications are made accessible via a network to the SaaS
consumers. The consumers of SaaS can be organizations that
provide their members with access to software applications, end
users who directly use software applications, or software
application administrators who configure applications for end
users. SaaS consumers can be billed based on the number of end
users, the time of use, the network bandwidth consumed, the
amount of data stored, or the duration of stored data.
PaaS consumers employ the tools and execution resources
provided by cloud providers to develop, test, deploy, and
manage the operation of PaaS applications hosted in a cloud
environment. PaaS consumers can be application developers
who design and implement application software, application
32. testers who run and test applications in a cloud-based
environment, application deployers who publish applications
into the cloud, and application administrators who configure,
monitor, and manage applications deployed in a cloud. PaaS
consumers can be billed according to the number of PaaS users,
the processing, storage, and network resources consumed by the
PaaS application, and the duration of the platform usage.
IaaS clouds provide cloud consumers with virtual computers,
network-accessible storage, network infrastructure components,
and other fundamental computing resources, on which IaaS
consumers can deploy and run arbitrary software. IaaS can be
used by system developers, system administrators, and IT
managers who are interested in creating, installing, monitoring,
and managing services and applications deployed in an IaaS
cloud. IaaS consumers can be billed according to the amount or
duration of the resources consumed, such as CPU hours used by
virtual computers, volume and duration of data stored, network
bandwidth consumed, or the number of IP addresses used for
certain intervals.
2.2.2.2 Cloud Provider
A cloud provider is the entity (a person or an organization)
responsible for making a service available to interested parties.
A cloud provider acquires and manages the computing
infrastructure required for providing the services, runs the cloud
software that provides the services, and makes the arrangements
33. to deliver the cloud services to cloud consumers through
network access.
For SaaS, the cloud provider deploys, configures, maintains,
and updates the operation of the software applications on a
cloud infrastructure. The SaaS cloud provider is mostly
responsible for managing the applications, security, and the
cloud infrastructure, while the SaaS cloud consumer has limited
administrative control of the applications.
For PaaS, the cloud provider manages the computing
infrastructure for the platform and runs the cloud software that
provides the components of the platform, such as runtime
software execution stack, databases, and other middleware
components. The PaaS cloud provider typically also supports
the development, deployment, and management process of the
PaaS cloud consumer by providing tools such as integrated
development environments (IDEs), development versions of
cloud software, software development kits (SDKs), and
deployment and management tools. The PaaS cloud consumer
has control over the applications and possibly over some of the
hosting environment settings, but has no or limited access to the
infrastructure underlying the platform such as network, servers,
operating systems (OSs), or storage.
For IaaS, the cloud provider acquires the physical computing
resources underlying the service, including the servers,
networks, storage, and hosting infrastructure. The cloud
34. provider runs the cloud software necessary to render the
necessary computing resources to the IaaS cloud consumer
through a set of service interfaces and computing resource
abstractions, such as virtual machines and virtual network
interfaces. In return, the IaaS cloud consumer uses these
computing resources, such as a virtual computer,
Page 20
NIST US Government Cloud Computing Technology Roadmap,
Release 1.0 (Draft) November 2011
for fundamental computing needs. Compared to SaaS and PaaS
consumers, an IaaS consumer has access to more fundamental
forms of computing resources and thus has control over more
software components in an application stack, including the OS.
The IaaS cloud provider, on the other hand, has control over the
physical hardware and cloud software that make the
provisioning of these infrastructure services possible, for
example, the physical servers, network equipment, storage
devices, host OS, and hypervisor software for virtualization.
A cloud provider’s activities span five major areas including
service deployment, service orchestration, cloud service
management, security, and privacy.
2.2.2.3 Cloud Auditor
A cloud auditor is a party that can perform an independent
examination of cloud service controls with the intent to express
an opinion thereon. Audits are performed to verify conformance
35. to standards through a review of objective evidence. A cloud
auditor can evaluate the services provided by a cloud provider
such as security controls, privacy impact, and performance.
Auditing is especially important for federal agencies. The
Federal Cloud Computing Strategy document published in
February 2011 pointed out that “agencies should include a
contractual clause enabling third parties to assess security
controls of cloud providers.” Security controls are the
management, operational, and technical safeguards or
countermeasures employed within an organizational information
system to protect the confidentiality, integrity, and availability
of the system and its information. For security auditing, a cloud
auditor can make an assessment of the security controls in the
information system to determine the extent to which the
controls are implemented correctly, operating as intended, and
producing the desired outcome with respect to the security
requirements for the system. The security auditing should also
assess the compliance with the specified regulation and with the
security policy. For example, an auditor can be tasked with
ensuring that the correct policies are applied to data retention
according to relevant rules for the jurisdiction. The auditor may
ensure that fixed content has not been modified and that the
legal and business data archival requirements have been
satisfied.
A privacy impact audit can help federal agencies comply with
36. applicable privacy laws and regulations governing an
individual’s privacy, and to ensure confidentiality, integrity,
and availability of an individual’s personal information at every
stage of development and operation.
2.2.2.4 Cloud Broker
As cloud computing evolves, the integration of cloud services
can be too complex for cloud consumers to manage. A cloud
consumer may request cloud services from a cloud broker,
instead of contacting a cloud provider directly. A cloud broker
is an entity that manages the use, performance, and delivery of
cloud services and negotiates relationships between cloud
providers and cloud consumers.
In general, a cloud broker can provide services in three
categories:
Service Intermediation: A cloud broker enhances a given
service by improving some specific capability and providing
value-added services to cloud consumers. The improvement can
be managing access to cloud services, identity management,
performance reporting, enhanced security, etc.
Service Aggregation: A cloud broker combines and
integrates multiple services into one or more new services. The
broker provides data integration and ensures the secure data
movement between the cloud consumer and multiple cloud
providers.
Page 21
37. NIST US Government Cloud Computing Technology Roadmap,
Release 1.0 (Draft) November 2011
aggregation except that the services being aggregated are not
fixed. Service arbitrage means a broker has the flexibility to
choose services from multiple agencies. The cloud broker, for
example, can use a credit-scoring service to measure and select
an agency with the best score.
2.2.2.5 Cloud Carrier
A cloud carrier acts as an intermediary that provides
connectivity and transport of cloud services between cloud
consumers and cloud providers. Cloud carriers provide access to
consumers through network, telecommunication, and other
access devices. For example, cloud consumers can obtain cloud
services through network access devices, such as desktop
computers, laptops, mobile phones, and other mobile Internet
devices (MIDs). The distribution of cloud services is normally
provided by network and telecommunication carriers or a
transport agent, where a transport agent refers to a business
organization that provides physical transport of storage media,
such as high-capacity hard drives.
2.2.2.6 Scope of Control between Provider and Consumer
The cloud provider and cloud consumer share the control of
resources in a cloud system. As illustrated in Figure 3, different
service models affect an organization’s control over the
38. computational resources and thus what can be done in a cloud
system. Figure 3 shows these differences using a classic
software stack notation comprised of the application,
middleware, and OS layers. This analysis of delineation of
controls over the application stack increases understanding of
the responsibilities of parties involved in managing the cloud
application.
Figure 3: Scope of Controls between Provider and Consumer
The application layer includes software applications
targeted at end users or programs. The applications are used by
SaaS consumers, or installed/managed/maintained by PaaS
consumers, IaaS consumers, and SaaS providers.
The middleware layer provides software building blocks
(e.g., libraries, database, and Java virtual machine) for
developing application software in the cloud. The middleware is
used by PaaS consumers, installed/managed/maintained by IaaS
consumers or PaaS providers, and hidden from SaaS consumers.
Page 22
NIST US Government Cloud Computing Technology Roadmap,
Release 1.0 (Draft) November 2011
operating system and drivers, and is
hidden from SaaS and PaaS consumers. An IaaS cloud allows
one or multiple guest OSs to run virtualized on a single physical
host. Generally, consumers have broad freedom to choose which
OS is to be hosted among all the OSs that could be supported by
39. the cloud provider. The IaaS consumers should assume full
responsibility for the guest OS(s), while the IaaS provider
controls the host OS.
2.2.3 Architecture Components
This section describes the architectural elements with which
cloud actors interact, including an abstraction of the system
components that orchestrate together to deliver the service
capabilities, the different deployment models of these
infrastructure components, and the management activities cloud
providers engage in with cloud consumers.
2.2.3.1 Service Orchestration
Service Orchestration refers to the composition of system
components to support the cloud provider activities in
arrangement, coordination, and management of computing
resources in order to provide cloud services to cloud consumers.
Figure 4 shows a generic stack diagram of this composition that
underlies the provisioning of cloud services.
Figure 4: Cloud Provider - Service Orchestration
A three-layered model is used in this representation to depict
the grouping of the three types of system components that cloud
providers need to compose to deliver their services.
In the model shown in Figure 4, the top is the service layer,
where cloud providers define interfaces for cloud consumers to
access the computing services. Access interfaces of each of the
three service models are provided in this layer. It is possible,
40. though not necessary, that SaaS applications can be built on top
of PaaS components, and PaaS components can be built on top
of IaaS components. The optional dependency relationships
among SaaS, PaaS, and IaaS components are represented
graphically as components stacking on each other; while the
angling of the components represents that each of the service
component can stand by itself. For example, a SaaS application
can be implemented and hosted on
Page 23
NIST US Government Cloud Computing Technology Roadmap,
Release 1.0 (Draft) November 2011
virtual machines from an IaaS cloud, or it can be implemented
directly on top of cloud resources without using IaaS virtual
machines.
The middle layer in the model is the resource abstraction and
control layer. This layer contains the system components that
cloud providers use to provide and manage access to the
physical computing resources through software abstraction.
Examples of resource abstraction components include software
elements such as hypervisors, virtual machines, virtual data
storage, and other computing resource abstractions. The
resource abstraction needs to ensure efficient, secure, and
reliable usage of the underlying physical resources. While
virtual machine technology is commonly used at this layer,
other means of providing the necessary software abstractions
41. are also possible. The control aspect of this layer refers to the
software components that are responsible for resource
allocation, access control, and usage monitoring. This is the
software framework that ties together the numerous underlying
physical resources and their software abstractions to enable
resource pooling, dynamic allocation, and measured service.
Various open source and proprietary cloud software are
examples of this type of middleware.
The lowest layer in the stack is the physical resource layer,
which includes all the physical computing resources. This layer
includes hardware resources, such as computers (CPU and
memory), networks (routers, firewalls, switches, network links,
and interfaces), storage components (hard disks), and other
physical computing infrastructure elements. It also includes
facility resources, such as heating, ventilation and air
conditioning (HVAC), power, communications, and other
aspects of the physical plant.
Following system architecture conventions, the horizontal
positioning, i.e., the layering, in a model represents dependency
relationships – the upper layer components are dependent on
adjacent lower layer to function. The resource abstraction and
control layer exposes virtual cloud resources on top of the
physical resource layer and supports the service layer where
cloud services interfaces are exposed to cloud consumers. Cloud
consumers do not have direct access to the physical resources.
42. 2.2.3.2 Cloud Service Management
Cloud Service Management includes all of the service-related
functions that are necessary for the management and operation
of those services required by or proposed to cloud consumers.
Cloud service management can be described from the
perspective of business support, provisioning and configuration,
and from the perspective of portability and interoperability
requirements.
2.3 NIST Cloud Computing Taxonomy
The NIST Cloud Computing taxonomy was developed in
conjunction with the reference architecture and describes key
cloud computing concepts, the relationships between these
concepts, and their given context. The taxonomy organizes the
key concepts into four levels:
Level 1: Role, which indicates a set of obligations and
behaviors as conceptualized by the associated actors in the
context of cloud computing;
Level 2: Activity, which entails the general behaviors or
tasks associated to a specific role;
Level 3: Component, which refers to the specific processes,
actions, or tasks that must be performed
to meet the objective of a specific activity; and
Level 4: Sub-component, which presents a modular part of a
component.
The taxonomy can be used as a source for developing a
43. controlled vocabulary of cloud computing terms that will
provide an increased clarification and standardization of the
cloud computing terminology. Details about this taxonomy and
the related vocabulary can be found on the NIST cloud
computing
Page 24
NIST US Government Cloud Computing Technology Roadmap,
Release 1.0 (Draft) November 2011
reference architecture and taxonomy collaboration site:
http://collaborate.nist.gov/twiki-cloud-
computing/bin/view/CloudComputing/ReferenceArchitectureTax
onomy.
Page 25
NIST US Government Cloud Computing Technology Roadmap,
Release 1.0 (Draft) November 2011
3 Cloud Computing Use Cases and Requirements
Although use cases have been traditionally employed as a
system analysis tool that links the actors to the system
functions, the same methodology has also been widely used
within business architectures for such purposes as describing
business processes of an enterprise, actors corresponding to
these processes, and organizational participants. Using well-
defined elements such as actors, conditions, and activity flows,
a use case can systematically reveal the requirements and
constraints which can subsequently direct system architecture
44. and design.
The NIST projects and working groups apply use case
methodology to define business and technical operational
scenarios and requirements.
Business use cases document scenarios at the functional
mission level. The use case describes the
business goal with no assumptions as to how cloud computing
technology (deployment model constraints) will be deployed to
achieve that goal. These business use cases can then be explored
by walking through the considerations of planning and
deploying candidate cloud computing service and deployment
model options, issues, and constraints. While this process has
documented business use cases that are in pilot or operational
deployment stage, the objective of the Target focuses on those
business use cases that agencies have identified as an
opportunity, but consider to be difficult to implement, or have a
perceived impediment to implementation.
The second case where use case methodology is applied is
definition of technical use cases in the
Standards Acceleration to Jumpstart the Adoption of Cloud
Computing (SAJACC) effort. These use cases are designed to
facilitate the qualitative testing of standards through the use of
third-party APIs implemented in adherence to candidate
45. specifications and emerging standards. Of necessity, each
SAJACC use case represents a single activity, such as the
deletion of data, and the actions needed to successfully execute
that activity (receive the request, respond to the request,
execute the request, etc.).
A business use case is decomposed into a list of high-level
requirements, then into successively more detailed
requirements, until it can ultimately be mapped to technical
requirements that are required to identify and execute the
appropriate SAJACC use cases.
3.1 Target Business Use Case and High-Level Requirements
The main objective of the NIST Cloud Computing Target
Business Use Case (TBUC) Project is to work with federal CIOs
to identify and document application and service use cases for
potential migration to a cloud environment. As described in the
Federal Cloud Computing Strategy, NIST is working with
agencies to define target business use cases that are complex, or
have technical hurdles or standards gaps that need to be
overcome. The high-level requirements that are extracted from
the target business use cases are the primary deliverables for
that project area.
Page 26
NIST US Government Cloud Computing Technology Roadmap,
Release 1.0 (Draft) November 2011
At the time of this writing, the business use cases from agencies
46. and departments summarized here have perceived impediments
or obstacles that prevent their immediate implementation or
require workarounds. These business use cases focus attention
on the areas where technical and procedural gaps are assessed
and prioritized to propose recommendations for mitigation.
After target business use cases are developed,
they are analyzed to determine which business requirements are
pertinent to the cloud. These business requirements are
examined to determine their relevance to security, portability,
and interoperability needs, and whether they are mission-
specific requirements or cross-cutting requirements. The final
step is to determine the relationship of the business
requirements to the SAJACC technical use cases.
A template to capture target business use cases was created and
is described in the next section. An initial portfolio of target
business use cases using this template was developed using two
methods. The most common approach is documentation via
interviews with agency and department CIOs identified through
the Federal CIO Council Cloud Computing Executive Steering
Committee and Cloud First Task Force. Information is gathered
about the business use case through information provided by
agencies, after which NIST-led interviews of key members of
the cloud effort are conducted to flesh out the business use case
and identify areas of concern. Alternatively, participants in the
NIST-chaired public Cloud Computing Business Use Case
47. Working Group (CCBUCWG) volunteer to document and obtain
agency sponsorship of business use cases that might be of
interest. Sponsoring federal agencies develop the business use
cases and submit them to the project team as contributions. As
business use cases are drafted, they are presented to the Cloud
Computing Business Use Case Working Group for review and
comment.
As requirements are identified and areas of research are
prioritized, NIST works with federal agencies, industry, SDOs,
and academia to identify options for addressing challenges,
using the vendor-neutral reference architecture and taxonomy as
a frame of reference. This research results in the definition of
new or augmented standards, guidance, and technology
requirements where appropriate. The portfolio of target business
use cases can also be used by Federal CIOs to aid them in
considering their projects. As federal CIOs identify new
business use cases, it is helpful to the broader community to add
them to this portfolio. As the portfolio of business use cases is
expanded, trends and commonalities become more apparent,
permitting prioritization of research areas.
Highlights: Target business use cases of federal agencies were
captured to understand security, interoperability, and portability
requirements. These business use cases and the cross-cutting
requirements extracted were developed as part of the iterative
and complementary process used to identify the strategic
48. requirements in Volume I of the Technical Roadmap.
Specifically, this section summarizes the use cases which were
used as the basis for defining the following high-priority
requirements listed in the NIST USG Cloud Computing
Technology Roadmap Volume I high- priority requirements:
“