NIST Releases Security Guidelines for Storage Infrastructure

White and Williams LLP

White and Williams LLP

Storage infrastructure, along with computing and network infrastructures, represents one of the fundamental pillars of Information Technology (IT). Just like computing and networking, the storage infrastructure landscape is comprised of a mixture of legacy and advanced systems. The National Institute of Standards and Technology (NIST) has now released Special Publication (SP) 800-209, Security Guidelines for Storage Infrastructure, which provides comprehensive security recommendations for storage infrastructures. According to NIST, the publication’s security focus covers both those measures that are common to IT infrastructure – such as physical security, authentication and authorization, configuration control, and incident response – and those that are specific to storage infrastructure.

Recognizing that storage technology has evolved in “two directions,” one involving increased storage media capacity (e.g., tape, Hard Disk Drives, solid-state drives (SSD)) and the other involving architectural changes including cloud-based storage resource access, the publication “provides an overview of the evolution of the storage technology landscape, current security threats, and the resultant risks.” The description of the current landscape includes traditional storage services (like block, file, and object storage), storage virtualization, storage architectures designed for virtualized server environments, and storage resources hosted in the cloud. The publication also describes “various threats to the storage resources are also included, as well as an analysis of the risks to storage infrastructure and the impacts of these threats.”

According to NIST, the publication’s “main focus” is “to provide a comprehensive set of security recommendations for the current landscape of the storage infrastructure.” Security controls that are specific to storage technologies, such as network-attached storage (NAS) and storage area networks (SAN), are discussed, as are security recommendations specific to storage technologies in data protection, isolation, restoration assurance, and encryption.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© White and Williams LLP | Attorney Advertising

Written by:

White and Williams LLP

White and Williams LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.