Applying the NIST Cybersecurity Framework to AWS Environments

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is designed to help organizations assess and improve their security posture. 

If you are using Amazon Web Services (AWS), NIST CSF compliance is an important reference to ensure that you are maintaining a secure environment.

In this guide, we’ll provide an overview of the NIST CSF V1.1 controls, and explain how you can scan your AWS account using Blink to find and fix gaps.

Understanding the NIST Cybersecurity Framework (CSF)

The NIST is an agency of the US Department of Commerce that develops technical and managerial standards nationwide. The NIST Cybersecurity Framework provides a comprehensive guide to managing cybersecurity risk through voluntary standards and best practices. By utilizing this framework, organizations are able to manage their cyber risks in a consistent and structured manner.

Four years after the initial release of the framework, NIST released Version 1.1 in April 2018 with several updates and enhancements. This was after extensive public feedback and input from the private sector, government, academia, and other stakeholders. The updates focused on making the framework more accessible and relevant to various organizations.

Applying the NIST CSF V1.1 to AWS Environments

AWS offers a best practices framework for structuring and automating assessments against the NIST CSF V1.1, which provides organizations a comprehensive set of technical controls. The controls are grouped into these five categories:

• Detect
• Identify
• Protect
• Recover
• Respond

By comparing your AWS environment against these controls, you can identify gaps in your security posture and make the necessary configuration changes. Even if achieving NIST CSF compliance isn’t a requirement for your organization, it can be a way of demonstrating security excellence.

Here are some examples of controls related to compliance with the NIST CSF Framework:

• Access keys must have a max age (90 days) which requires them to be rotated.
• CloudTrail must be enabled.
• DB Instance backups must be enabled.
• IAM MFA must be enabled.
• RDS Snapshots must be encrypted.

There are hundreds of controls like these that you need to check to ensure compliance and identify gaps. If you checked each one manually, it would take way too much time. You also couldn't ensure that you wouldn't fall out of compliance over time. With an automation platform like Blink, running compliance checks is simple.

Automating NIST Cybersecurity Compliance Checks with Blink

With one automation in Blink, you can scan your AWS environment and generate compliance reports for all the NIST Cybersecurity Framework controls.

When this automation runs, it executes the following steps:

1. Generates the Detect (DE) Report.
2. Generates the Identify (ID) Report.
3. Generates the Protect (PR) Report.
4. Generates the Recover (RC) Report.
5. Generates the Respond (RS) Report.
6. Sends the Report results to a specified email address.

You can easily customize this automation in Blink so you could run this on a weekly schedule or send it to a Slack or Teams channel instead.

With over 7K automations in the Blink library, you can easily gauge compliance with various industry standards, from NIST CSF to SOC 2, PCI, and ISO compliance.

Get started with Blink today to see just how easy security automation can be.