美國國家標準技術研究所（NIST）正在呼吁機構帶頭解決公共云計算相關的安全和隱私挑戰問題。

NIST的公共云計算安全和隱私準則并沒有提議任何特定的云計算服務或部署方法，但列出了幾條機構在考慮云服務時應該遵循的準則。

NIST要求機構在利用云時計劃和考慮安全方面的問題，并要求機構確保云解決方案能滿足其需求。

該文件還建議機構建立強有力的合同義務，并保留頂級機構的需求以及是否供應商能滿足這些需求。NIST告訴機構他們負責實施和部署在公共云計算環境下的安全數據和應用。

“組織應為每一級組織收集和分析系統定期狀態相關的可用數據，并經常管理安全和隱私風險。”NIST表示。

The National Institute of Standards and Technologies is calling on agencies to take the lead in addressing security and privacy challenges relating to public cloud computing.

NIST’s Guidelines on Security and Privacy in Public Cloud Computing do not suggest any specific service or deployment method for cloud computing, but lists several guidelines agencies should follow when considering their cloud services.

NIST asked agencies to plan and consider the security aspects of utilizing the cloud and said agencies should ensure cloud solutions fulfill the agency’s requirements.

The document also suggests agencies establish strong contractual obligations and stay on top of agency need and whether the provider is meeting those needs. NIST told agencies they are responsible for securing data and applications implemented and deployed in public cloud computing environments.

“The organization should collect and analyze available data about the state of the system regularly and as often as needed to manage security and privacy risks, as appropriate for each level of the organization,” NIST said.