Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Multi-Cloud Security Public Working Group MCSPWG


Cloud computing has become the core accelerator of the US Government's digital business transformation. NIST is establishing a Multi-Cloud Security Public Working Group (MCSPWG) to research best practices for securing complex cloud solutions involving multiple service providers and multiple clouds.  

The White House Executive Order on Improving the Nation's Cybersecurity highlights that “the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life” by focusing “the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid.” The MCSPWG research will focus on a) identifying the challenges of implementing secure multi-cloud systems and b) developing guidance and best practice for mitigating the identified challenges. 

The US federal agencies were further encouraged by the Cloud Smart Federal Computing Strategy to accelerate cloud adoption and modernize their IT infrastructures, leverage cloud technology scalability, and speed-to-market by expanding and diversifying their cloud portfolio to incorporate multi-party (multi-providers) cloud solutions.  Many organizations when adopting these cloud solutions, which can include services provided by different cloud service providers often with support from third-party entities, are faced with added security and privacy implementation challenges. 

The MCSPWG Charter provides additional information on MCSPWG including the planned work and the rules of engagement for participation and subscription to the mailing list below.



Credits: Ned Goren


IT Specialist




Credits: Brian Ruf


Director of Cybersecurity

Easy Dynamics



Credits: Joyce Hunter


Executive Director 

Institute for Critical

Infrastructure Technology 


Credits: Chris Carpenter


Infrastructure Engineer

VCF Compliance Engineering


How Can I Join?

Mailing List: NIST is maintaining the mailing list: for communication among subscribed members.

Join the mailing list to receive notices about MCSPWG meetings and other updates by sending an email from the email address you want to subscribe to

You will receive an automated e-mail from asking you to reply to the e-mail if you would like to continue with your join request. This second step is necessary for confirming your subscription to the mailing list.

To unsubscribe from the mailing list, send an email to from the subscribed email address.

If you have difficulties joining the mailing list, contact us at

Important Information

The mailing lists are for discussion related to MCSPWG activities.

Files should not be distributed on the mailing lists, rather they should be posted on the available collaboration site(s)  and a link shared via the mailing list. 

NIST moderates the mailing lists and reserves the right to:

  • remove participants from the mailing lists for failure to adhere to these rules. 
  • review, approve or delete any messages that fall outside the scope of the mailing list and the charter of the MCSPWG.

The mailing lists are not to be used for promotional announcements, advertising, product-related press releases, or other commercial use. 

Do not send messages that contain abusive or vulgar content, spam, hate speech, personal attacks, or similar content.




Created October 12, 2021, Updated May 16, 2024