Special Publication 800-145 fits on a few pages, and it is the document most of the cloud industry quietly agreed to build on. That short paper is where the now-familiar split into SaaS, PaaS and IaaS got its careful definition, alongside the four deployment models (private, community, public, hybrid) and the five characteristics that decide whether something genuinely counts as cloud: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Plenty of vendors paraphrase those lines without crediting them. The original sits inside the work catalogued by NIST Cloud Computing Standards, produced by the NIST Cloud Computing Program within the agency's Information Technology Laboratory.
Definitions that shaped cloud
NIST Cloud Computing Standards does not stop at definitions. The Cloud Computing Reference Architecture gives a vocabulary for the roles in a cloud arrangement (provider, consumer, broker, carrier and so on), a vocabulary that becomes essential once a contract or a security review needs everyone arguing about the same diagram. The Cloud Federation Reference Architecture, published as SP 500-332 in 2020, lays out an eleven-component model for stitching independent clouds together, a problem that has grown as organisations spread workloads across more than one provider. There is also the Cloud Computing Standards Roadmap, SP 500-291, which maps where formal standards exist and where the gaps still sit. Taken together, those three documents cover most of what an enterprise architect needs to anchor a cloud strategy in something citable.
For public-sector readers the two-volume U.S. Government Cloud Computing Technology Roadmap is the more practical entry point. It works through adoption requirements rather than abstract theory, and it ties the technical models back to interoperability, portability, security, and the vendor evaluation metrics a procurement team has to defend. Pairing that roadmap with the definitional documents is what keeps NIST Cloud Computing Standards in use years after publication, well past the point where most technical writing has aged into irrelevance.
Reference architectures for enterprise use
It helps to remember what the parent agency is. NIST is a federal body under the Department of Commerce, the country's national measurement institute, and the program behind NIST Cloud Computing Standards is one slice of a much wider catalogue. The same site hosts the National Vulnerability Database and the Computer Security Resource Center, both of which a cloud security engineer ends up consulting whether or not they came looking for cloud guidance specifically. The CSRC cross-references heavily with the cloud material, so a question about securing a hybrid deployment often pulls you between the two without much friction.
Inside a federal measurement institute
The breadth beyond computing is worth knowing even if it is not why most people arrive. Standard Reference Materials, laboratory calibration, NVLAP accreditation for testing labs, the Standards.gov directory, and the Baldrige Performance Excellence Program all live under the same roof. The agency also runs CHIPS for America and the Manufacturing Extension Partnership. None of that bears directly on the cloud documents, but it tells you NIST Cloud Computing Standards comes from an institution whose whole job is precise, defensible reference work, not a think tank publishing opinions.
Named authorship and precise citations
Authorship is named rather than anonymous, which counts for something when you are deciding how much weight to give a model. The cloud program lists leads including Dr. Michaela Iorga and Robert B. Bohn, and the publications carry document numbers, revision history and the formal SP series identifiers that let you cite them precisely. That traceability is the practical advantage of NIST Cloud Computing Standards over the blog posts and vendor whitepapers that recycle the same ideas: you can point a colleague at SP 800-145 and know they are reading exactly what you read.
What these documents do not cover
There are limits worth setting expectations around. These are reference and definitional documents, not step-by-step build guides. The SP 500-291 roadmap tells you which standards bodies are active in which areas; it will not configure a Kubernetes cluster for you. Some of the roadmap material reflects the priorities of the period it was written in, so anyone using it for current procurement should read it as a framework and check whether newer revisions or companion publications have appeared. The definitions themselves have held up well, but the surrounding market of products moves faster than any standards document can, and NIST Cloud Computing Standards never pretended otherwise.
From compliance to architecture work
The audience the program names is broad: U.S. industry, federal agencies, research institutions, and international standards bodies. In practice the influence reaches further, since regulators and enterprises abroad lean on the same definitions. A compliance officer who needs a neutral, citable definition of "public cloud" for a policy will find it inside NIST Cloud Computing Standards. So will a systems architect drafting an interoperability requirement, or a graduate student who wants the canonical source instead of a secondhand summary.
For an enterprise architect, security lead or procurement specialist working on a cloud migration, reading SP 800-145 alongside the Reference Architecture is the sensible starting point. Multi-cloud or federated setups warrant a direct look at SP 500-332 and its eleven components as a checklist against an existing design. NIST Cloud Computing Standards rewards that kind of targeted reading: the documents are short enough that doing so costs an afternoon, and the foundational material is both free and precise enough to quote verbatim without second-guessing the source.