A: The United States federal government outlines its "Guidelines on Security and Privacy in Public Cloud Computing" in a National Institute of Standards and Technology (NIST) publication. Although not to the level of a requirements specification, this document highlights the US federal government's recommendations for organizations considering use of public cloud services.
The document's executive summary highlights four high-level recommendations that are of equal value for both public and private sector uses:
- Carefully plan the security and privacy aspects of cloud computing solutions before implementing them.
- Understand the public cloud computing environment offered by the cloud provider.
- Ensure that a cloud computing solution -- cloud resources and cloud-based applications -- satisfy organizational security and privacy requirements.
- Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.
You can download the entire 80-page document from NIST's website.