
Cloud Security Best Practices NIST

According to the most recent data, 92% of all organisations have some portion of their IT environment hosted in the cloud. Cloud computing comes with a wide range of benefits, from connecting remote employees to freeing up companies from having to host and maintain expensive equipment on-premises. Unfortunately, with all the benefits that cloud computing brings, it also opens the door to more potential cyber threats for the businesses that employ it.

What is NIST cloud security?

To help organisations protect themselves from cloud computing threats, the National Institute of Standards and Technology (NIST) has developed several cloud security standards and frameworks. These enable organisations to standardise and maintain secure cloud environments.

NIST standards that concern cloud security

Not every standard developed by NIST is relevant to cloud security, but many of them do deal with it. These include:

NIST cloud security best practices

While the NIST standards are intended to help companies enhance their cloud and cybersecurity policies and protocols, the following best practices can be applied alongside them to raise the overall level of security.

Regularly conduct penetration tests and vulnerability assessments

NIST recommends performing regular risk and vulnerability assessments to identify any cloud or cybersecurity weaknesses that could be exploited by malicious actors.

Install and update firewalls and anti-malware software

NIST recommends that organisations employ strong firewalls to scan internal and external networks and filter out suspicious and potentially malicious traffic.

Encrypt data

Data encryption protects sensitive information from bad actors. NIST recommends ensuring data is encrypted both in transit and at rest.

Employ access management controls

NIST recommends securing access to cloud resources with access management, multi-factor authentication, and role-based access control.

Have a well-defined incident response plan

NIST recommends establishing an incident response plan that enables you to detect, identify, contain, and recover from threats.
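The five practices above can be turned into automated checks against a cloud inventory. The script below is an added illustration written for this page (it is not Hicomply's or NIST's code): it flags storage without encryption at rest or in transit, users without MFA or with wildcard role grants, and firewall rules that expose administrative ports to any source. The inventory format, resource names, and the set of administrative ports are assumptions constructed for the example; a real inventory would be pulled from the cloud provider's API.

```python
from dataclasses import dataclass

# Assumption for this example: ports that must never be reachable from any source address.
ADMIN_PORTS = {22, 3389}
ANY_SOURCE = "0.0.0.0/0"


@dataclass(frozen=True)
class Finding:
    resource: str
    practice: str  # the best practice from the article that the finding maps to
    detail: str


def check_storage(buckets: list[dict]) -> list[Finding]:
    """Encrypt data: every bucket must encrypt at rest and refuse plaintext transport."""
    findings = []
    for b in buckets:
        if not b.get("encryption_at_rest", False):
            findings.append(Finding(b["name"], "encrypt data", "no encryption at rest"))
        if not b.get("require_tls", False):
            findings.append(Finding(b["name"], "encrypt data", "plaintext transport allowed"))
    return findings


def check_users(users: list[dict]) -> list[Finding]:
    """Access management: MFA is required and roles are scoped (no wildcard grants)."""
    findings = []
    for u in users:
        if not u.get("mfa_enabled", False):
            findings.append(Finding(u["name"], "access management", "MFA not enabled"))
        if "*" in u.get("roles", []):
            findings.append(Finding(u["name"], "access management", "wildcard role grants all permissions"))
    return findings


def check_firewall(rules: list[dict]) -> list[Finding]:
    """Firewalls: administrative ports must not be allowed from any source address."""
    findings = []
    for r in rules:
        if r["action"] == "allow" and r["port"] in ADMIN_PORTS and r["source"] == ANY_SOURCE:
            findings.append(Finding(r["name"], "firewall filtering",
                                    f"port {r['port']} open to the whole internet"))
    return findings


def evaluate(inventory: dict) -> list[Finding]:
    """Run every check; an empty list means the inventory passes all of them."""
    return (check_storage(inventory.get("storage", []))
            + check_users(inventory.get("users", []))
            + check_firewall(inventory.get("firewall_rules", [])))


# Constructed sample inventory: each section holds a weak entry next to a hardened one.
SAMPLE_INVENTORY = {
    "storage": [
        {"name": "backups-legacy", "encryption_at_rest": False, "require_tls": False},
        {"name": "backups-hardened", "encryption_at_rest": True, "require_tls": True},
    ],
    "users": [
        {"name": "alice", "mfa_enabled": True, "roles": ["storage-reader"]},
        {"name": "svc-deploy", "mfa_enabled": False, "roles": ["*"]},
    ],
    "firewall_rules": [
        {"name": "allow-ssh-anywhere", "port": 22, "source": "0.0.0.0/0", "action": "allow"},
        {"name": "allow-ssh-vpn", "port": 22, "source": "10.0.0.0/8", "action": "allow"},
        {"name": "allow-https", "port": 443, "source": "0.0.0.0/0", "action": "allow"},
    ],
}

# The same inventory with every weak entry corrected (constructed).
HARDENED_INVENTORY = {
    "storage": [{"name": "backups", "encryption_at_rest": True, "require_tls": True}],
    "users": [{"name": "svc-deploy", "mfa_enabled": True, "roles": ["deployer"]}],
    "firewall_rules": [
        {"name": "allow-ssh-vpn", "port": 22, "source": "10.0.0.0/8", "action": "allow"},
        {"name": "allow-https", "port": 443, "source": "0.0.0.0/0", "action": "allow"},
    ],
}

if __name__ == "__main__":
    for f in evaluate(SAMPLE_INVENTORY):
        print(f"{f.resource}: [{f.practice}] {f.detail}")
    print("hardened inventory findings:", len(evaluate(HARDENED_INVENTORY)))
```

Running the script against the sample inventory reports five findings, all on the weak entries (the legacy bucket, the deploy account, and the SSH-from-anywhere rule), and none against the hardened inventory. Checks like these are what a continuous-monitoring pipeline would run on every inventory refresh so that drift away from the practices is caught rather than waiting for the next assessment.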

NIST cybersecurity best practices

The NIST Cybersecurity Framework (CSF) is a framework that was developed to help organisations bolster their cybersecurity defences. The CSF is broken down into five separate functions: Identify, Protect, Detect, Respond, and Recover. More on the NIST CSF and its functions can be found here.

NIST's best practices are organised under these five functions, which are further divided into 23 outcome categories. These include:

Function: Identify
Outcome categories: Asset management; Business environment; Risk assessment; Risk management strategy; Supply chain risk management

Function: Protect
Outcome categories: Identity management and access control; Awareness and training; Data security; Information protection processes and procedures; Protective technology

Function: Detect
Outcome categories: Anomalies and events; Security continuous monitoring; Detection processes

Function: Respond
Outcome categories: Response planning

Function: Recover
Outcome categories: Recovery planning; Internal and external communication

Learn more about NIST with Hicomply

Whether your organisation is required to comply with the NIST CSF or another NIST standard, or you're simply trying to bolster your cyber defences, Hicomply is here to help. Visit our learning hub to get a better understanding of the NIST Framework and NIST 800-53.