ISO/IEC 27070 — Information technology — Security techniques — Security requirements for virtualized roots of trust [DRAFT]

Introduction

Trusted computing generally involves a Hardware Security Module (HSM) providing various cryptographic functions in a physically secure enclosure, but that architecture is not well suited to cloud computing. In the cloud, systems are virtualized, mobile and scalable, hence they cannot readily access and rely upon fixed hardware such as an HSM.

 

Scope and purpose

The standard will specify the information security controls relating to ‘virtualized roots of trust’.

 

Contents

The draft standard has two main sections for ‘functional view’ and ‘activity view’.

 

Status

The standard is being drafted. It is due to be published at the end of 2021.

It is currently at 4th Working Draft stage.

Personal comments

‘Trusted computing’ typically refers to secure systems used for governmental and military/defense purposes, processing highly classified information.

‘Virtualized roots of trust’ concerns the provision of trustworthy computing environments in the cloud, where virtual machines are dynamically created to provide cloud services. The trust, risk and security implications are, frankly, beyond my pay grade.

 


Copyright © 2019 IsecT Ltd.