AWS Security Blog

Updated whitepaper now available: Aligning to the NIST Cybersecurity Framework in the AWS Cloud

I’m proud to announce an updated resource that is designed to provide guidance to help your organization align to the National Institute of Standards and Technology (NIST) Cybersecurity Framework Version 1.1, which was released in 2018. The updated guide, NIST Cybersecurity Framework (CSF): Aligning to the NIST CSF in the AWS Cloud, is designed to help commercial and public sector entities of any size and in any part of the world align with the CSF by leveraging AWS services and resources.

In addition to mapping CSF updates to the latest AWS services and resources, we’ve also renewed our independent third-party assessor’s validation that the AWS services that have undergone FedRAMP Moderate and ISO 9001/27001/27017/27018 accreditations align with the CSF.

If you’re new to the NIST CSF, it’s a voluntary, risk-based, outcome-focused framework. It helps you establish a foundational set of security activities organized around five functions—Identify, Protect, Detect, Respond, Recover—to help you improve the security, risk management, and resilience of your organization. The CSF was originally intended for the critical infrastructure sector, but they’ve been endorsed by governments and industries worldwide as a recommended baseline for organizations of all types and sizes. Sectors as diverse as health care, financial services, and manufacturing are using the NIST CSF, and the list of early global adopters includes Japan, Israel, the UK, and Uruguay, among others.

In short, the NIST CSF is broadly applicable. In fact, in February 2018, the International Standards Organization released “ISO/IEC 27103:2018 — Information technology — Security techniques,” a standard that provides guidance for implementing a cybersecurity framework leveraging existing standards. ISO 27103 promotes the same concepts and best practices reflected in the NIST CSF; specifically, it encourages a framework focused on security outcomes organized around five functions (Identify, Protect, Detect, Respond, Recover) and foundational activities that map to existing standards, accreditations and frameworks. Adopting a versatile framework like the NIST CSF can help your organization achieve security outcomes while benefiting from the efficiencies of reusing instead of redoing.

You can use our updated whitepaper and workbook to learn how AWS services and resources can help enable your organization’s alignment to the CSF. If you’d like support in how to implement the CSF in your organization using AWS services and resources, contact an AWS Solutions Architect.

Want more AWS Security news? Follow us on Twitter.


Min Hyun

Min is the Global Lead for Growth Strategies at AWS. Her team’s mission is to set the industry bar in thought leadership for security and data privacy assurance in emerging technology, trends and strategy to advance customers’ journeys to AWS. View her other Security Blog publications here.