The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-209 Security Guidelines for Storage Infrastructure.
The Special Publication (SP) 800-209 provides a comprehensive set of security recommendations for the current landscape of the storage infrastructure.
An abstract from SP 800-209:
Storage technology, just like its computing and networking counterparts, has evolved from traditional storage service types, such as block, file, and object. Specifically, the evolution has taken two directions: one along the path of increasing storage media capacity (e.g., tape, Hard Disk Drives, solid-state drives (SSD)) and the other along the architectural front, starting from direct-attached storage (DAS) to the placement of storage resources in networks accessed through various interfaces and protocols to cloud-based storage resource access, which provides a software-based abstraction over all forms of background storage technologies. Accompanying the architectural evolution is the increase in management complexity, which subsequently increases the probability of configuration errors and associated security threats. This document provides an overview of the evolution of the storage technology landscape, current security threats, and the resultant risks. The main focus of this document is to provide a comprehensive set of security recommendations that will address the threats. The recommendations span not only security management areas that are common to an information technology (IT) infrastructure (e.g., physical security, authentication and authorization, change management, configuration control, and incident response and recovery) but also those specific to storage infrastructure (e.g., data protection, isolation, restoration assurance, and encryption).NIST
Moreover, these guidelines also include security recommendations for the following areas of operation in the storage infrastructure:
- Data protection
- Restoration assurance
Also, click here to download the full PDF.
Related Articles & Links
- QNAP and other network storage makers issue security advisories on OpenSSL flaws
- eCh0raix ransomware variant targets QNAP and Synology NAS devices
- Alert: Qlocker and eCh0raix ransomware attacks against QNAP NAS devices
- Legacy QNAP NAS devices vulnerable to zero-day cyberattacks
- 450K internet-connected QNAP devices exposed to RCE vulnerabilities