Topic-specific policies
ISO/IEC 27070


Search this site
 

ISMS templates

< Previous standard      ^ Up a level ^      Next standard >

 

Dec published ISO/IEC 27070:2021 — Information technology — Security techniques — Requirements for establishing virtualized roots of trust

 

Abstract

“Specifies the security requirements for establishing virtualized roots of trust.” [!]
[Source: SC27 Standing Document 11 (2021)]
 

Introduction

Whereas trusted computing generally involves a Hardware Security Module providing various cryptographic functions in a physically secure enclosure, the architecture is not well suited to cloud computing. In the cloud, systems are virtualized, mobile and scaleable, hence they cannot readily access and rely upon fixed hardware such as HSMs in the classical manner.

 

Scope and purpose

The standard specifies functional requirements and information security controls supporting the provision of trustworthy computing environments in the cloud, where virtual machines are dynamically created to provide cloud services.

 

Contents

The standard has two main sections:

  1. The ‘functional view’ describes the architecture in functional/modular terms.
  2. The ‘activity view’ describes how the functional modules deliver the desired level of trusted computing.

 

Status

Dec update The standard was published in December 2021.

 

Personal comments

‘Trusted computing’ typically refers to secure systems used for governmental and military/defense purposes, processing highly classified information. Such systems incorporate mandatory access controls and integrity functions.

The trust, risk and security implications of this are, frankly, well above my pay grade.

 

< Previous standard      ^ Up a level ^      Next standard >

Copyright © 2021 IsecT Ltd.