Storage
infrastructure—along with compute (encompassing OS and host hardware) and
network infrastructures—is one of the three fundamental pillars of Information
Technology (IT). However, compared to its counterparts, it has received
relatively limited attention when it comes to security, even though data
compromise can have as much negative impact on an enterprise as security
breaches in compute and network infrastructures.
In
order to address this gap, NIST is releasing Draft Special Publication (SP) 800-209, Security Guidelines for Storage Infrastructure,
which includes comprehensive security recommendations for storage
infrastructures. The security focus areas covered in this document not only span
those that are common to the entire IT infrastructure—such as physical
security, authentication and authorization, change management, configuration
control, and incident response and recovery—but also those that are specific to
storage infrastructure, such as data protection, isolation, restoration
assurance, and data encryption.
The public comment period for this document is open through August
31, 2020. See the publication
details for a copy of the document and instructions for submitting
comments.
NOTE:
A call for patent claims is included on page iii of this draft. For additional
information, see the Information
Technology Laboratory (ITL) Patent Policy–Inclusion of Patents in ITL
Publications.