Cloud Security Best Practices NIST
According to the most recent data, 92% of all organisations have some portion of their IT environment hosted in the cloud. Cloud computing comes with a wide range of benefits, from connecting remote employees to freeing up companies from having to host and maintain expensive equipment on-premises. Unfortunately, with all the benefits that cloud computing brings, it also opens the door to more potential cyber threats for the businesses that employ it.
What is NIST cloud security?
To help organisations protect themselves from cloud computing threats, the National Institute of Standards and Technology (NIST) developed several cloud security standards and frameworks. This enables organisations to standardise and maintain secure cloud environments.
NIST standards that concern cloud security
Not every standard developed by NIST is relevant to cloud security. However, there are many that do deal with it. These include:
- NIST 800-53
- NIST 800-144
- NIST 800-145
- NIST 800-146
- NIST 800-210
- NIST Cyber Security Framework
NIST cloud security best practices
While the NIST standards are intended to help companies enhance their cloud and cybersecurity policies and protocols, the following best practices can be employed in tandem to achieve the highest level of security.
Regularly conduct penetration tests and vulnerability assessments
NIST recommends performing regular risk and vulnerability assessments to identify any cloud or cybersecurity vulnerabilities that could be exploited by malicious actors.
Install and update firewalls and anti-malware software
NIST recommends that organisations employ strong firewalls to scan internal and external networks and filter out suspicious and potentially malicious traffic.
Encrypt data
Data encryption protects sensitive information from bad actors. NIST recommends ensuring data is encrypted both in transit and at rest.
Employ access management controls
NIST recommends securing access to cloud resources with access management, multi-factor authentication, and role-based access control.
Have a well-defined incident response plan
NIST recommends establishing an incident response plan that enables you to detect, identify, contain, and recover from threats.
NIST cybersecurity best practices
The NIST Cybersecurity Framework (CSF) was developed to help organisations bolster their cybersecurity defences. The CSF is broken down into five separate functions: Identify, Protect, Detect, Respond, and Recover.
NIST's best practices are organised under these five functions, which are further divided into 23 outcome categories. These are:
Function: Identify
- Asset management
- Business environment
- Governance
- Risk assessment
- Risk management strategy
- Supply chain risk management
Function: Protect
- Identity management & access control
- Awareness and training
- Data security
- Information protection processes and procedures
- Maintenance
- Protective technology
Function: Detect
- Anomalies and events
- Security continuous monitoring
- Detection processes
Function: Respond
- Response planning
- Communication
- Analysis
- Mitigation
- Improvements
Function: Recover
- Recovery planning
- Improvements
- Internal and external communication
Learn more about NIST with Hicomply
Whether your organisation is required to comply with NIST CSF or another NIST standard, or if you’re simply trying to bolster your cyber defences, Hicomply is here to help. Visit our learning hub to get a better understanding of the NIST Framework and NIST 800-53.