AWS Security Blog

Updated whitepaper available: Aligning to the NIST Cybersecurity Framework in the AWS Cloud

Today, we released an updated version of the Aligning to the NIST Cybersecurity Framework (CSF) in the AWS Cloud whitepaper to reflect the significant changes introduced in the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, published in February 2024. This comprehensive update helps you understand how AWS services align with the enhanced framework and how you can use AWS capabilities to improve your cybersecurity posture.

The NIST CSF 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. The updated version introduces important changes, including the following:

  • A new “Govern” Core Function, emphasizing procedural and organizational activities that have an impact on the management of cybersecurity risk within organizations.
  • An expanded scope, beyond critical infrastructure, to help organizations of many sizes and sectors.
  • Enhanced guidance for privacy risk management and supply chain security.
  • Updated Categories and Subcategories that better reflect current cybersecurity challenges.

In accordance with the AWS Shared Responsibility Model, the whitepaper provides a detailed mapping of AWS services to the six CSF Core Functions: Govern (New), Identify, Protect, Detect, Respond, and Recover. Organizations can use this whitepaper to understand how AWS services align with NIST CSF 2.0 requirements, implement AWS solutions to help achieve their security objectives, use AWS capabilities for automated security operations, and build resilient architectures that support their cybersecurity strategies.

Security and compliance remain our top priorities at AWS. This updated whitepaper demonstrates our commitment to helping customers align with the latest security frameworks while protecting their data and resources in the AWS Cloud. The whitepaper also includes practical guidance for implementing AWS services and features that support the CSF outcomes, whether you’re just starting your cloud journey or looking to enhance your existing security posture.

To learn more about implementing NIST CSF 2.0 in your organization by using AWS services, contact your AWS account team or download the whitepaper.

 
If you have feedback about this post, submit comments in the Comments section below. If you have questions about this post, contact AWS Support.
 

Luca Iannario Luca Iannario
Luca is a Solutions Architect Manager at AWS within the UK Public Sector team. He works with customers of all sizes across government, education, healthcare, and NPO verticals, helping them deploy AWS services securely at scale and facilitating their cloud adoption journey. In his spare time, Luca enjoys traveling and watching movies.
Giuseppe Russo Giuseppe Russo
Giuseppe is Security Assurance Manager for Italy & SEE. Giuseppe has a degree in Computer Science with a specialization in Cryptography, Security and Information Theory. Giuseppe is an experienced cybersecurity professional with many years of experience in the industry. His primary activity is to work closely with regulators, and key stakeholders, in order to foster the adoption of a secure cloud and in preparing cloud environments that meet security requirements related to strategic topics such as privacy and the protection of critical infrastructures.
Carmela Gambardella Carmela Gambardella
Carmela is an AWS Solutions Architect since 2018. Before AWS, she held various roles in large IT companies, such as software engineer, security consultant, and solutions architect. She uses her experience in security, compliance, and cloud operations to help public sector organizations in their cloud journeys. In her spare time, she is a passionate reader and enjoys hiking, travelling, and doing yoga.
Francesco Grande Francesco Grande
Francesco is an AWS Solutions Architect based in Italy, where he helps customers and Partners design secure, sustainable, and reliable cloud architectures. Coming from a security background, he focuses on areas such as threat detection, incident response, and infrastructure protection. In his free time, he enjoys watching anime and esports and spending quality time with friends.