TCG Releases Trust Assessment Framework

Date Published: June, 18, 2017

In today’s enterprise, cloud computing allows enterprises to acquire or maintain computer services without building the infrastructure themselves. Cloud services often are combined with in-house infrastructure in a model that’s known as the hybrid cloud.

Companies also often need to link in-house or cloud services that one business is using (or supplying) with the internal or cloud services of a supplier, partner, or customer. In addition, most companies have mobile or remote employees that utilize the public Internet infrastructure to connect to in-house or cloud services of their employer.

All of these use cases are examples of multi-tenant infrastructures, defined as multiple distinct entities utilizing/sharing the same infrastructure for communications or services. The use of multitenant infrastructures has become pervasive in the knowledge economy.  Unfortunately, these infrastructures have been targeted by digital criminals. Therefore, securing them has become mission critical.

The Trusted Computing Group Trusted Multi-Tenant (TMI) Work has developed guidelines for developers and users of multi-tenant infrastructures. These guidelines assure users of a high degree of confidence, or trust, in their multi-tenant infrastructures. Developers also can use the TCG guidelines to design trustworthy infrastructures.

New to the TMI’s effort is the Trust Assessment Framework. The Trust Assessment Framework is a set of practices and procedures that a business can use to assess and manage the risk associated with utilizing a multi-tenant infrastructure in any form. The framework guides the user in understanding the types of questions that should be considered before exposing business critical assets to a multi-tenant infrastructure. It can be an effective contributor to a comprehensive plan for compliance to various regulations.

For example, while many users are aware of the regulatory requirements for the financial or healthcare industries, some business have been caught off guard by the need to have a comprehensive plan to manage the security of their data and information systems. One such regulation is FISMA, applicable to companies that interact with the U.S. federal government. (Wall Street Journal: FISMA Takes Private Sector By Surprise; June 3, 2013 ).

Regardless of the regulatory environment, it has become critical for every company to manage the security of their data and information systems. Users of multi-tenant infrastructures can now utilize the Trust Assessment Framework as a part of their information and data management plans.

Learn more by reviewing TCG’s Use Cases and Reference Model Documents. TCG welcomes developers and others interested in furthering guidelines and standards for multi-tenant infrastructures. Information on TCG membership is available at


Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.

Join Now

Trusted Computing

Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.

Read more


Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.

Read More