Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-209 (Initial Public Draft)

Security Guidelines for Storage Infrastructure

Date Published: July 2020
Comments Due: August 31, 2020 (public comment period is CLOSED)
Email Questions to: sp800-209-comments@nist.gov

Author(s)

Ramaswamy Chandramouli (NIST), Doron Pinhas (Continuity Software)

Announcement

Storage infrastructure—along with compute (encompassing OS and host hardware) and network infrastructures—is one of the three fundamental pillars of Information Technology (IT). However, compared to its counterparts, it has received relatively limited attention when it comes to security, even though data compromise can have as much negative impact on an enterprise as security breaches in compute and network infrastructures. 

In order to address this gap, NIST is releasing Draft Special Publication (SP) 800-209, Security Guidelines for Storage Infrastructure, which includes comprehensive security recommendations for storage infrastructures. The security focus areas covered in this document not only span those that are common to the entire IT infrastructure—such as physical security, authentication and authorization, change management, configuration control, and incident response and recovery—but also those that are specific to storage infrastructure, such as data protection, isolation, restoration assurance, and data encryption.

NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

storage area network; network attached storage; storage array; file storage service; block storage service; object storage service; storage virtualization; software-defined storage; hyper-converged storage; data protection; cloud storage; backup; replication
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-209-draft
Download URL

Supplemental Material:
None available

Document History:
07/21/20: SP 800-209 (Draft)
10/26/20: SP 800-209 (Final)