NIST Cybersecurity Framework (CSF) was a collaboration effort of industry experts and government. This framework is considered to be flexible and useful for protection of critical infrastructure.

Based on NIST CSF website – “NIST CSF is prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.”

While NIST CSF was primarily written by National Institute of Standards and Technology (NIST), the same organization behind NIST 800-53, there are several differences between them. The CSF Framework is concise, voluntary in nature and builds on existing frameworks such as COBIT.

The Framework is more high-level compared to NIST 800-53. It focuses on how to access and prioritize security functions, and references existing documents like NIST 800-53, COBIT 5 and ISO 27001.

Compliance in the Cloud and Key Challenges

Most of the NIST CSF controls can be categorized as being either procedural or technical controls. Procedural controls are usually policies procedures and process related. Technical controls typically relate to configuration of your cloud environment and should be implemented and assessed using cloud security tools.

Design and implementation of technical security and privacy controls in the cloud present unique challenges listed below:

Lack of Visibility Lack of visibility into infrastructure security is the biggest cloud management challenge, according to a recent study of information security professionals. Per the latest 2018 Cloud Security Report based on a survey conducted of 400,000 Information Security professionals on LinkedIn, the top three security control challenges SOCs are struggling with are visibility into infrastructure security (43%), compliance (38%) and setting consistent security policies across cloud and on premises environments (35%). Companies need tools that provide security visualization, management, and enforcement of compliance and security best practices.

Ever-changing Cloud TechnologyExisting security solutions are not designed to support dynamic cloud infrastructure that is rapidly changing.

Knowledge GapOne of the cloud computing challenges is lack of specific cloud security knowledge in the DevOps/Compliance teams. This knowledge gap makes it even more difficult to develop enterprise wide guidelines and best practices around detailed technical recommendations.

Large Amounts of DataExisting security and compliance tools are focused on analyzing large volumes of data and generating text heavy reports. These tools lack the ability to visualize configuration/activity data, and cannot support real-time monitoring of compliance and security requirements.

Remediation Challenges Complex cloud architectures make it difficult to identify known issues immediately upon discovery and perform the necessary remediation actions all from a single platform.

How Does Dome9 Help with NIST CSF Compliance?

Dome9 now supports both NIST 800-53 and NIST CSF for AWS, GCP and Azure clouds.

1. Clarity for Visibility into all of your Cloud Assets

A company needs to clearly define the scope of all the system components in scope for NIST CSF certification. Dome9 provides you the visibility into cloud assets in order to comply with NIST CSF since you cannot protect information that is not on your radar.

network visibility

 

 2. Compliance Engine for Continuous Monitoring

Real-time view of compliance and security posture for immediate risk mitigation

cloud compliance

 

 3. Governance Specification Language (GSL) for Custom Policies

GSL allows Compliance and Security team to write and review any compliance check in seconds without deep technical knowledge – This equates to fewer errors in translating IT governance requirements to policy definitions.

cloud compliance policies

 

4. Continuous Compliance for Automation

Continuous Compliance allows Dome9 clients to continuously run a compliance assessment according to various compliance suites and deliver findings through the most convenient method such as email, SNS notification message or PDF report.

cloud compliance automation

 

 5. Advanced Alerts Mechanism

Our Advanced Alerts Mechanism alerts you on findings that Dome9 discovers when scanning AWS Accounts, Azure Subscriptions, and GCP Projects. This mechanism allows you to maintain NIST CSF compliance and easily trigger incident response and start your investigation if there are major issues.

compliance alerts

 

6. Magellan for Network Traffic Visibility

Dome9 Magellan delivers enhanced threat intelligence, deep event correlation, and policy-driven intrusion detection and forensics purpose-built for the public cloud that is crucial for your compliance with threat detection and incident response requirements.

cloud threat detection

Get Started Today with Dome9 NIST CSF Compliance

The Dome9 Compliance Engine ensures continuous compliance automation of the NIST CSF across your cloud accounts, with out of box compliance bundles for NIST CSF.

NIST CSF

With a single click, you can automate your NIST 800-53 continuous compliance assessment in real time using Dome9’ Compliance Engine and continuous compliance features.

Below is the coverage that Dome9 offers:

NIST CSF

Additional Helpful Resources

NIST CSF

https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf

AWS

Aligning to the NIST Cybersecurity Framework in the AWS Cloud:

https://aws.amazon.com/blogs/security/tag/nist-csf/

Standardized Architecture for NIST-based Assurance Frameworks on the AWS Cloud: Quick Start Reference Deployment

https://docs.aws.amazon.com/quickstart/latest/accelerator-nist/welcome.html

You can also view the security controls matrix (Microsoft Excel spreadsheet), which maps the architecture decisions, components

https://s3.amazonaws.com/quickstart-reference/enterprise-accelerator/nistv2/latest/docs/NIST-800-53-Security-Controls-Mapping.xlsx

GCP

Google Cloud NIST 800-53 resources

https://cloud.google.com/security/compliance/nist800-53/

Azure

NIST 800-53 controls within the FedRAMP Moderate Baseline by Azure (Microsoft Cloud)

https://www.microsoft.com/en-us/trustcenter/compliance/NIST_CSF