For the purposes of this standard, the following terms and definitions apply. Merriam-Webster's Collegiate Dictionary should be referenced for terms not defined in this section.
A network of participating entities (e.g., Cloud Service Auditor, Cloud Service Broker, Cloud Service Consumer, Cloud Service Developer, Cloud Service Provider, Regulator, Supplier, Partner, etc.) each of which plays one or more roles in the provision, consumption, and evolution of Cloud Services.
A party that can conduct independent examination of Cloud Service controls with the intent to express an opinion thereon. Audits are performed to verify conformance to standards through review of objective evidence. (Refer to NIST SP 500-292.)
An entity that manages the use, performance, and delivery of Cloud Services, and negotiates relationships between Cloud Service Providers and Cloud Service Consumers. (Refer to NIST SP 500-292.) Key capabilities provided by Cloud Service Brokers are:
A person or organization is the principal stakeholder that maintains a business relationship with, and uses the service from, a Cloud Service Provider. (Refer to NIST SP 500-292.)
A person or organization that develops the technical as well as the business aspects of a (simple or higher-level) Cloud Service offering, which may be part of the organization of the Cloud Service Consumer or Cloud Service Provider. A Cloud Service Developer leverages the development and operational tools to develop and compose a service or set of services. (Refer to the SOCCI standard.)
A person, an organization; it is the entity responsible for making a Cloud Service available to interested parties. (Refer to NIST SP 500-292.)
The highest level (typically) of description of an organization which typically covers all missions and functions. An enterprise will often span multiple organizations. (Refer to the TOGAF standard.)
The capability provided to the Cloud Service Consumer to provision processing, storage, networks, and other fundamental computing resources where the Cloud Service Consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The Cloud Service Consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls). (Refer to NIST SP 800-145.)
The capability provided to the Cloud Service Consumer to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The Cloud Service Consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations. (Refer to NIST SP 800-145.)
The capability provided to the Cloud Service Consumer to use the Cloud Service Provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The Cloud Service Consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. (Refer to NIST SP 800-145.)