NIST recently issued a draft document on cloud security and privacy -
Additionally they've republished their cloud definition as a draft document, and started a wiki to facilitate communication about cloud standards, research etc...
More here: http://www.nist.gov/itl/csd/cloud-020111.cfm, and the wiki is here: http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/
Security has been a reason, and probably a good one, for enterprises to delay moving applications to the cloud. As a result, cloud security has had plenty of attention, not just from NIST, as noted here previously. It continues to be my opinion that security will be a reason to adopt cloud-based solutions, and not a reason to delay. As transparency, agreed standards, business models and service agreements, and technical improvements continue - small, mid-sized, and even larger companies will rely on cloud providers for security. Security talent, solution architecture and infrastructure as well as management attention will be another shared resource provided by the cloud. It is in the cloud providers business interests to solve this problem.