A: The United States federal government outlines its "Guidelines on Security and Privacy in Public Cloud Computing" in a National Institute of Standards and Technology (NIST) publication. Although not to the level of a requirements specification, this document highlights the US federal government's recommendations for organizations considering use of public cloud services.

The document's executive summary highlights four high-level recommendations that are of equal value for both public and private sector uses:

  • Carefully plan the security and privacy aspects of cloud computing solutions before implementing them.
  • Understand the public cloud computing environment offered by the cloud provider.
  • Ensure that a cloud computing solution -- cloud resources and cloud-based applications -- satisfy organizational security and privacy requirements.
  • Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.

You can download the entire 80-page document from NIST's website.