« 約2300名分のZoomの認証情報のリストがDark Webのフォーラム上にあるようですね。。。 | Main | NIST White Paper 5G Cybersecurity: Preparing a Secure Evolution to 5G »

2020.04.14

NIST SP 1800-19(Draft) Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments

こんにちは、丸山満彦です。

NISTがVMウェアのセキュリティガイドのドラフトを公表していますね。

 NIST ITL

・2020.04.13 SP 1800-19(Draft)  Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments

  Submit Comments on SP 1800-19C (other)
 ・[PDF] SP 1800-19C How-To Guides 
 ・[PDF] SP 1800-19A Executive Summary  (Prelim. Draft 1)
 ・[PDF] SP 1800-19B Approach, Architecture, and Security Characteristics (Prelim. Draft 1)
  Project Homepage (other)

-----

Abstract

A cloud workload is an abstraction of the actual instance of a functional application that is virtualized or containerized to include compute, storage, and network resources. Organizations need to be able to monitor, track, apply, and enforce their security and privacy policies on their cloud workloads, based on business requirements, in a consistent, repeatable, and automated way. The goal of this project is to develop a trusted cloud solution that will demonstrate how trusted compute pools leveraging hardware roots of trust can provide the necessary security capabilities. These capabilities not only provide assurance that cloud workloads are running on trusted hardware and in a trusted geolocation or logical boundary, but also improve the protections for the data in the workloads and in the data flows between workloads. The example solution leverages modern commercial off-the-shelf technology and cloud services to address a particular use case scenario: lifting and shifting a typical multi-tier application between an organization-controlled private cloud and a hybrid/public cloud over the internet.

-----

Contents

1 Introduction

1.1 Practice Guide Structure 


1.2 Build Overview 


1.3 Typographic Conventions

1.4 Logical Architecture Summary

2 Dell/EMC Product Installation and Configuration Guide

3 Gemalto Product Installation and Configuration Guide

4 HyTrust Product Installation and Configuration Guide

5 IBM Product Installation and Configuration Guide

5.1 ICSV Deployment 


5.1.1 Pre-Deployment 

5.1.2 Automation Deployment 

5.1.3 Post-Deployment

5.2 Enable Hardware Root of Trust on ICSV Servers

5.2.1 Enable Managed Object Browser (MOB) for each ESXi Server
5.2.2 Enable TPM/TXT on SuperMicro hosts
5.2.3 
Enable TPM/TXT in IBM Cloud
5.2.4 Validate the TPM/TXT is enabled
5.2.5 Check the vCenter MOB to see if the TPM/TXT is enabled
5.2.6 Set up Active Directory users and groups

5.3 Add Hosts to HTCC and Enable Good Known Host (GKH) 


5.3.1 Add vCenter to HTCC 

5.3.2 Enable a Good Known Host
5.3.3 Verify and update host trust 

5.3.4 Define PolicyTags in CloudControl 

5.3.5 Assign PolicyTags to hosts
5.3.6 Provision PolicyTags
 5.3.6.1 Collect UUIDs of GKH and Trusted hosts
 5.3.6.2 Generate esxcli commands 

 5.3.6.3 Run esxcli commands

6 Intel Product Installation and Configuration Guide

7 RSA Product Installation and Configuration Guide

8 VMware Product Installation and Configuration Guide

8.1 Prerequisites 


8.2 Installation and Configuration 


8.3 Configuration Customization Supporting the Use Cases and Security 
Capabilities

8.3.1 Example VVD 5.0.1 Configuration: Configure the Password and Policy Lockout Setting in vCenter Server in Region A
8.3.2 Example VVD 5.0.1 Configuration: Configure Encryption Management in Region A
8.3.3 Example vRealize Automation DISA STIG Configuration: Configure SLES for vRealize to protect the confidentiality and integrity of transmitted information
8.3.4 Example vRealize Operations Manager DISA STIG Configuration: Configure the vRealize Operations server session timeout

8.4 Operation, Monitoring, and Maintenance

8.4.1 Operation
8.4.2 Monitoring 

8.4.3 Maintenance 


8.5 Product Configuration Overview

Appendix

Appendix A Security Configuration Setting Mappings 

Appendix B List of Acronyms
Appendix C Glossary 

Appendix D References

|

« 約2300名分のZoomの認証情報のリストがDark Webのフォーラム上にあるようですね。。。 | Main | NIST White Paper 5G Cybersecurity: Preparing a Secure Evolution to 5G »

Comments

Post a comment



(Not displayed with comment.)




« 約2300名分のZoomの認証情報のリストがDark Webのフォーラム上にあるようですね。。。 | Main | NIST White Paper 5G Cybersecurity: Preparing a Secure Evolution to 5G »