Applying NIST Cybersecurity Framework to Cloud

By: Aseem Rastogi | 9 May 2019

The NIST Cyber Security Framework (CSF) consists of standards, guidelines, and best practices to manage cybersecurity related risks.  Regardless of the type of organization or its mission, the activities, countermeasures, responsibilities and objectives associated with ensuring a robust security posture can be generalized and discussed using the NIST CSF. This, in turn, makes the management of security more streamlined and easier to affect, and enables better information sharing.

This framework has a prioritized, flexible, and cost-effective approach to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

The most common applications of the CSF have manifested in three different scenarios:

  • Assessment of an organization’s enterprise-wide cybersecurity risk posture
  • Assessment of products and services that organizations can control for their own conformance to the CSF
  • CSF core overlay on existing standards and requirements to assess the risk management practices of technology products and services

    Elements of NIST CSF

    The CSF offers a simple-yet-effective model consisting of three elements – Core, Tiers, and Profiles. Implementation of the Core, Tiers, and Profiles are the responsibility of the organization adopting the CSF.

Core Structure

The Core references security controls from widely adopted, internationally-recognized standards such as ISO/IEC 27001, NIST 800-53, Control Objectives for Information and Related Technology (COBIT), Council on Cybersecurity (CCS) Top 20 Critical Security Controls (CSC), and ANSI/ISA-62443 Standards-Security for Industrial Automation and Control Systems.

The NIST core identifies five key cybersecurity functions to organize recommended security controls into actionable work streams.

Various cloud service providers like AWS, Azure & Google have taken steps to align their offerings to the CSF. However, due to shared security responsibility model of cloud, customers have to take steps to align security for their side.

We will briefly discuss about how to apply NIST Cybersecurity framework to AWS Cloud.

Applying NIST Cybersecurity Framework to AWS Implementations

The AWS users can use this framework to plan security strategies for optimal protection and coverage.  However, while applying these functions to your public cloud implementation there are some issues that need to be addressed.

NIST Function Challenge

Relationships between cloud entities can be very tough to see and visualise.

If the core elements of your cloud are not visible, you cannot identify what needs to be done to secure them.



Choosing security tools and services to protect your infrastructure is a familiar task. But recent data breaches show how easily things can go wrong and can create huge vulnerabilities.



An AWS CloudTrail will have plenty of data and making sense of what data you have is a challenge by itself.



On AWS, understanding incidents is a challenge: you’ll have plenty of data (AWS logs everything) but analysing that data to understand the attack takes skill and time.



If your platform does not have the ability to deliver a complete and accurate picture of the attacks, recovery effects will also be incomplete.

Implementers have to map out exact AWS entities in play for each of the requirements and then validate configurations in order to comply. Also, they need to continuous monitor the adherence. Here is an example of NIST-CSF requirement and AWS entities at play.

Organize Cloud Security Efforts with CloudOptics

Applying NIST’s cybersecurity framework to AWS implementation is a great way to organise and guide your cloud cybersecurity efforts. Having a platform that has the ability to capitalise on the extensive data available from AWS will go a long way towards meeting the goals set out in the NIST CSF.

Each of the categories and subcategories within the NIST Cybersecurity Framework is correlated directly to highly visible external references — such as ISO/IEC 27001:2013, NIST SP 800-53 and COBIT 5 – CloudOptics provides a roadmap that indexes service features across this spectrum to facilitate compliance activities on a continuous basis.

CloudOptics provides standard mapping to AWS services and security configurations, providing predictability & compliance assurance.

Reach out to us to know more, how can CloudOptics help secure your cloud journey!!