The Information Technology Organization of Iran (ITOI) has launched a formal evaluation process to identify at least three cloud service providers capable of hosting government services nationwide. The organization plans to issue a “cloud service rating certificate” to companies deemed suitable after the evaluation and include them on the authorized service list for government-supported projects.

Iran Seeks Cloud Providers to Provide Services Compliant with US Standards

The evaluation process covers cloud providers that offer infrastructure services (IaaS), platform services (PaaS), and software services (SaaS). Applicants are expected to support different service architectures, such as public, private, hybrid, or community cloud. Service providers specializing in security, monitoring, support services, and cloud migration may also be included in the process.

The organization will prioritize candidate companies’ compliance with international security standards such as ISO 27017 and ISO 27018. These standards define technical control frameworks for data security and personal data protection in cloud computing services.

The ITOI also clearly stated its expectation of compliance with NIST SP 800-145 cloud computing standards defined by the US National Institute of Standards and Technology (NIST). It is noteworthy that Iran’s official institutions, despite ideological and political tensions with the US, are based on American standards.

Iran completely restricted internet access during the 12-day war with Israel and the US in 2025 and decided to accelerate digital infrastructure projects after the war ended. During this period, the ITOI’s official RSS feed, which had been silent for a long time, has begun to update again.

However, some sources, such as The Register, point out that many countries consider doing business with Iran illegal, raising questions about how this initiative will be met with international support.