ISO/IEC 27070



ISO/IEC 27070 — Information technology — Security techniques — Requirements for establishing virtualized roots of trust [DRAFT]



“Specifies the security requirements for establishing virtualized roots of trust.”
[Source: SC27 Standing Document 11 (2021)]


Whereas trusted computing generally involves a Hardware Security Module providing various cryptographic functions in a physically secure enclosure, the architecture is not well suited to cloud computing. In the cloud, systems are virtualized, mobile and scalable, hence they cannot readily access and rely upon fixed hardware such as HSMs.


Scope and purpose

The standard will specify the information security controls required to provide and protect ‘virtualized roots of trust’.



The draft standard has two main sections for ‘functional view’ and ‘activity view’.



Nov status update: The standard has been at Final Draft International Standard stage for a wee while and may conceivably be published at the end of this year.


Personal comments

‘Trusted computing’ typically refers to secure systems used for governmental and military/defense purposes, processing highly classified information.

‘Virtualized roots of trust’ concerns the provision of trustworthy computing environments in the cloud, where virtual machines are dynamically created to provide cloud services. The trust, risk and security implications are, frankly, well above my pay grade.



Copyright © 2021 IsecT Ltd.