National Security Telecommunications Advisory Committee, NSTAC Report to the President on Cloud Computing (May 15, 2012) (full-text).
As the federal government executes its Cloud First policy, implications for national security and emergency preparedness (NS/EP) must be considered as they relate to cloud computing plans and programs. Toward these ends, and in the context of a charge to examine cloud computing, two questions were posed to the President's National Security Telecommunications Advisory Committee (NSTAC) by the Executive Office of the President (EOP):
- Within the context of NS/EP, what equities should the Government consider moving to the cloud, and in what priority order, if appropriate? What are the sorting/defining NS/EP considerations to determine applicability and value for migration of any given equity to a cloud computing environment?
- For equities that do migrate to the cloud, should the requirements for providers supporting NS/EP standards and capabilities differ from the requirements established for commercial Cloud providers in general? If so, how?
The central issue at the core of these questions is: Can NS/EP processes be migrated to to the cloud without undue risk? In order to confidently answer the question favorably, the NSTAC recommended that a regime of policy, legal authorities, security and oversight that is comparably rigorous, complete and trustworthy relative to that now in place for NS/EP activities via legacy means be adopted.