NIST Cloud Roadmap SP 500-293

The RSA Beijing Conference has had many sessions on compliance and cloud. NIST guidelines have come up repeatedly, along with FISMA and other regulation references. The American civilian organization is clearly a global leader in this field and is followed closely in China; however, I have not yet seen any mention or discussion of yesterday’s announcement on 500-293:

PCI DSS 2.0 open for review

The PCI SSC has invited QSAs to send input after November 1, 2011 on DSS 2.0. They want to hear about areas that need to be “clarified, updated or changed to enhance the protections for cardholder data.”

An online tool and a spreadsheet are available, but each QSA organization is allowed only 5 feedback items in this phase of the next three-year period.

December 31, 2011 marks the sunset of version 1.2.1 for both the DSS and PA-DSS.