Well not really, but close. \u00a0For those of you that missed it, NIST has made several statements about the non-negotiability of cloud agreements. \u00a0Most recently, in its Guidelines on Security and Privacy in the Public Cloud, NIST said \u201cNon-negotiable service agreements in which the terms of service are prescribed completely by the cloud provider are generally the norm in public cloud computing.\u201d \u00a0This doesn\u2019t mean all cloud engagements are non-negotiable or that they should be avoided. \u00a0It does mean that if the contract is presented as non-negotiable, the customer must do a far more thorough analysis of the risks\/benefits of the engagement, including conducting more detailed due diligence of the vendor, seeking references from existing customers, understanding exactly what types of data will be placed at risk, the criticality of the service to the customer\u2019s operations, etc. \u00a0Without that leg work, the customer will be walking largely blind into the relationship. \u00a0In some instances, the customer may well determine that a cloud service provided under non-negotiable terms is simply not right for the particular engagement. \u00a0Better to discover that as early in the process as possible.