Updated whitepaper available: Aligning to the NIST Cybersecurity Framework in the Amazon Web Services Cloud

Authors: Luca Iannario, Carmela Gambardella, Francesco Grande, Giuseppe Russo |

Today, we released an updated version of the Aligning to the NIST Cybersecurity Framework (CSF) in the Amazon Web Services Cloud whitepaper to reflect the significant changes introduced in the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, published in February 2024. This comprehensive update helps you understand how Amazon Web Services services align with the enhanced framework and how you can use Amazon Web Services capabilities to improve your cybersecurity posture.

The NIST CSF 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. The updated version introduces important changes, including the following:

  • A new “Govern” Core Function, emphasizing procedural and organizational activities that have an impact on the management of cybersecurity risk within organizations.
  • An expanded scope, beyond critical infrastructure, to help organizations of many sizes and sectors.
  • Enhanced guidance for privacy risk management and supply chain security.
  • Updated Categories and Subcategories that better reflect current cybersecurity challenges.

In accordance with the Amazon Web Services Shared Responsibility Model, the whitepaper provides a detailed mapping of Amazon Web Services services to the six CSF Core Functions: Govern (New), Identify, Protect, Detect, Respond, and Recover. Organizations can use this whitepaper to understand how Amazon Web Services services align with NIST CSF 2.0 requirements, implement Amazon Web Services solutions to help achieve their security objectives, use Amazon Web Services capabilities for automated security operations, and build resilient architectures that support their cybersecurity strategies.

Security and compliance remain our top priorities at Amazon Web Services. This updated whitepaper demonstrates our commitment to helping customers align with the latest security frameworks while protecting their data and resources in the Amazon Web Services Cloud. The whitepaper also includes practical guidance for implementing Amazon Web Services services and features that support the CSF outcomes, whether you’re just starting your cloud journey or looking to enhance your existing security posture.

To learn more about implementing NIST CSF 2.0 in your organization by using Amazon Web Services services, contact your Amazon Web Services account team or download the whitepaper.

 
If you have feedback about this post, submit comments in the Comments section below. If you have questions about this post, contact Amazon Support.
 

Luca Iannario Luca Iannario
Luca is a Solutions Architect Manager at Amazon Web Services within the UK Public Sector team. He works with customers of all sizes across government, education, healthcare, and NPO verticals, helping them deploy Amazon Web Services services securely at scale and facilitating their cloud adoption journey. In his spare time, Luca enjoys traveling and watching movies.
Giuseppe Russo Giuseppe Russo
Giuseppe is Security Assurance Manager for Italy & SEE. Giuseppe has a degree in Computer Science with a specialization in Cryptography, Security and Information Theory. Giuseppe is an experienced cybersecurity professional with many years of experience in the industry. His primary activity is to work closely with regulators, and key stakeholders, in order to foster the adoption of a secure cloud and in preparing cloud environments that meet security requirements related to strategic topics such as privacy and the protection of critical infrastructures.
Carmela Gambardella Carmela Gambardella
Carmela is an Amazon Web Services Solutions Architect since 2018. Before Amazon Web Services, she held various roles in large IT companies, such as software engineer, security consultant, and solutions architect. She uses her experience in security, compliance, and cloud operations to help public sector organizations in their cloud journeys. In her spare time, she is a passionate reader and enjoys hiking, travelling, and doing yoga.
Francesco Grande Francesco Grande
Francesco is an Amazon Web Services Solutions Architect based in Italy, where he helps customers and Partners design secure, sustainable, and reliable cloud architectures. Coming from a security background, he focuses on areas such as threat detection, incident response, and infrastructure protection. In his free time, he enjoys watching anime and esports and spending quality time with friends.

The mentioned AWS GenAI Services service names relating to generative AI are only available or previewed in the Global Regions. Amazon Web Services China promotes AWS GenAI Services relating to generative AI solely for China-to-global business purposes and/or advanced technology introduction.