1. Assessment Phase

  • NIST CSF Compliance Assessment Execution
20 Credits

NIST Cybersecurity Framework (CSF) Compliance Report

Overview

This report presents a technical assessment of your AWS environment against selected controls from the NIST Cybersecurity Framework (CSF). The NIST CSF provides a flexible, risk-based approach to improving an organization's cybersecurity posture and is structured around five core functions: Identify, Protect, Detect, Respond, and Recover.

This assessment evaluates your environment against the following NIST CSF categories:

Identify (ID)

Covers asset management, business context, and risk assessment processes to understand the organizational environment and manage cybersecurity risk.

Protect (PR)

Focuses on identity management, access controls, data security, maintenance, and protective technologies to ensure safeguards are in place to protect systems and data.

Detect (DE)

Addresses continuous monitoring, anomaly detection, and event analysis to identify cybersecurity events in a timely manner.

Respond (RS)

Includes analysis and mitigation actions to respond to detected cybersecurity incidents effectively.

Note: The Recover (RC) function is not explicitly covered in this assessment but can be added in future iterations.

The assessment covers many AWS services, including IAM, S3, CloudTrail, GuardDuty, and Security Hub.

Upon completion, you will receive a detailed report identifying all passed and failed resources, along with actionable remediation steps to help you align your cloud environment with the NIST CSF.