
Understanding the 5 Most Important Cybersecurity Frameworks

By Bill Doerrfeld, February 17, 2022 (updated April 13, 2023), 6 min read

Many enterprises are still unprepared for the exponential growth of cyberattacks and the increasing sophistication of those attacks. What’s more, attack surfaces are growing, meaning that more assets are exposed to cyberattacks and the frequency of exposure increases. Much of the blame for the increase in compromises lies with software components that are overexposed or misconfigured with improper permissions. And as international cyberwarfare becomes more of a state-endorsed tactic, private enterprises can more easily fall victim to cybercriminals.

Without the proper cybersecurity guidance, companies are more prone to Denial of Service attacks, data exfiltration, ransomware, and other nefarious acts. Thankfully, plenty of guidelines are available to help organizations strengthen their systems. For example, standard cybersecurity frameworks can greatly inform an overall security strategy.

According to the Secure DevOps and Misconfigurations report, conducted by Cloud Security Alliance, the most important security frameworks for organizations are as follows: National Institute of Standards and Technology’s Cybersecurity Framework (78%), CIS Security Foundations Benchmarks (67%), CSA’s Cloud Controls Matrix (66%), ISO (54%), and AWS (44%).

Below, we’ll review each of these five cybersecurity frameworks, consider why they are helpful to follow, and see who’s behind them. Whether you’re just getting into IT security or a seasoned professional, these frameworks are good sources of knowledge to help decrease risk.

1. NIST Cybersecurity Framework

The National Institute of Standards and Technology (NIST) is a renowned standards-setting body overseen by the U.S. government. The guidelines issued by NIST act as recommendations for government agencies and also inform the private sector. The NIST Cybersecurity Framework originated with the Obama-era 2013 Executive Order 13636 on Improving Critical Infrastructure Cybersecurity, which directed NIST to develop standards and practices to improve cybersecurity across departments.

NIST is focused on identifying repeatable and cost-effective means to defend critical infrastructure. For example, SP 800-204A and SP 800-204B describe how to implement a service mesh as a foundation for a zero-trust architecture (ZTA). The framework is divided into five core areas: Identify, Protect, Detect, Respond, and Recover. These areas provide valuable guidance on protecting sensitive data, conducting backups, managing common device vulnerabilities, ensuring quick incident response, and other best practices.

The actual framework is published as a PDF table citing sources with in-depth descriptions. NIST also provides a more readable quick-start guide.

2. CIS Benchmarks

Center for Internet Security (CIS) is an independent non-profit organization that seeks to establish security benchmarks for today’s leading technologies. CIS oversees CIS Benchmarks, a hub of over 100 configuration guidelines across 25 different vendor categories. These guidelines help security professionals dive into the nitty-gritty details to ward off potential vulnerabilities.

For example, CIS publishes benchmarks for all cloud providers, including AWS, Google Cloud, Microsoft Azure, and IBM Cloud. Following these guidelines helps ensure your cloud adoption isn’t prone to misuse or misconfiguration. Other CIS benchmarks cover everything from desktop operating systems to mobile devices, network devices, and SaaS software.
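To make the idea of a benchmark concrete, here is an added example of the kind of prescriptive configuration check a cloud benchmark turns into an automated audit. This is not code from the article, from CIS, or from any cloud vendor: the four controls (MFA on privileged identities, audit logging in every region, no anonymous bucket access, no administrative ports open to the whole internet) are hypothetical illustrations modelled on the sort of checks such benchmarks contain, not CIS benchmark text or numbering, and the account-snapshot format, the resource names and both snapshots are constructed for the example.

```python
"""Benchmark-style configuration audit over a constructed cloud account snapshot.

Added example: not code from the article, from CIS, or from a cloud vendor. The
four controls illustrate the kind of prescriptive checks a cloud benchmark
contains; they do not reproduce CIS benchmark text or numbering, and the
snapshot format is invented for this example.
"""
from dataclasses import dataclass
import ipaddress

ADMIN_PORTS = {22, 3389}  # SSH and RDP: ports a benchmark would not want world-reachable


@dataclass(frozen=True)
class Finding:
    control: str   # short id of the control that failed
    resource: str  # the resource that failed it
    detail: str    # what was wrong


def check_privileged_mfa(snapshot):
    """Every identity with administrative rights must have MFA enabled."""
    return [Finding("mfa-for-privileged-users", u["name"], "MFA not enabled")
            for u in snapshot["users"] if u["admin"] and not u["mfa"]]


def check_audit_logging(snapshot):
    """Audit logging must be switched on in every region the account uses."""
    enabled = snapshot["audit_logging"]
    return [Finding("audit-logging-all-regions", region, "audit logging disabled")
            for region in snapshot["regions"] if not enabled.get(region, False)]


def check_public_buckets(snapshot):
    """Object storage must not grant anonymous read or write access."""
    return [Finding("no-public-buckets", b["name"], f"anonymous {b['public_access']} access")
            for b in snapshot["buckets"] if b["public_access"] in ("read", "read-write")]


def _world_reachable(cidr):
    # A /0 prefix (0.0.0.0/0 or ::/0) matches every possible source address.
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def check_open_admin_ports(snapshot):
    """No firewall rule may expose an administrative port to the whole internet."""
    findings = []
    for group in snapshot["security_groups"]:
        for rule in group["ingress"]:
            exposed = sorted(p for p in ADMIN_PORTS if rule["from_port"] <= p <= rule["to_port"])
            if exposed and _world_reachable(rule["cidr"]):
                findings.append(Finding("no-world-open-admin-ports", group["name"],
                                        f"ports {exposed} open to {rule['cidr']}"))
    return findings


CHECKS = (check_privileged_mfa, check_audit_logging, check_public_buckets, check_open_admin_ports)


def audit(snapshot):
    """Run every control against the snapshot and return all failed-control findings."""
    findings = []
    for check in CHECKS:
        findings.extend(check(snapshot))
    return findings


# Constructed snapshot of a weakly configured account (not real infrastructure).
WEAK_SNAPSHOT = {
    "regions": ["us-east-1", "eu-west-1"],
    "users": [{"name": "root", "admin": True, "mfa": False},
              {"name": "alice", "admin": True, "mfa": True},
              {"name": "bob", "admin": False, "mfa": False}],
    "audit_logging": {"us-east-1": True},
    "buckets": [{"name": "app-assets", "public_access": "read"},
                {"name": "backups", "public_access": None}],
    "security_groups": [
        {"name": "web", "ingress": [{"from_port": 80, "to_port": 80, "cidr": "0.0.0.0/0"}]},
        {"name": "bastion", "ingress": [{"from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"}]},
        {"name": "mgmt", "ingress": [{"from_port": 3389, "to_port": 3389, "cidr": "10.0.0.0/8"}]},
        {"name": "legacy", "ingress": [{"from_port": 0, "to_port": 65535, "cidr": "::/0"}]},
    ],
}

# The same constructed account with every finding remediated.
HARDENED_SNAPSHOT = {
    "regions": ["us-east-1", "eu-west-1"],
    "users": [{"name": "root", "admin": True, "mfa": True},
              {"name": "alice", "admin": True, "mfa": True},
              {"name": "bob", "admin": False, "mfa": False}],
    "audit_logging": {"us-east-1": True, "eu-west-1": True},
    "buckets": [{"name": "app-assets", "public_access": None},
                {"name": "backups", "public_access": None}],
    "security_groups": [
        {"name": "web", "ingress": [{"from_port": 80, "to_port": 80, "cidr": "0.0.0.0/0"}]},
        {"name": "bastion", "ingress": [{"from_port": 22, "to_port": 22, "cidr": "203.0.113.0/24"}]},
        {"name": "mgmt", "ingress": [{"from_port": 3389, "to_port": 3389, "cidr": "10.0.0.0/8"}]},
    ],
}

if __name__ == "__main__":
    for f in audit(WEAK_SNAPSHOT):
        print(f"FAIL {f.control}: {f.resource} ({f.detail})")
    print("hardened account findings:", len(audit(HARDENED_SNAPSHOT)))
```

Each control is a small pure function over the snapshot, so a new benchmark item is one more function added to `CHECKS`, and the same audit can be run against an export of a real account as long as it is first mapped into this snapshot shape. The weak snapshot yields five findings (the unprotected privileged user, the region without logging, the readable bucket, and the two groups exposing admin ports); the hardened snapshot yields none.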

The basic CIS Benchmarks are delivered for free in PDF form for worldwide accessibility. However, they require some personal information to download, and some content is walled off for paying members only.

3. CSA’s Cloud Controls Matrix

Cloud Security Alliance (CSA) is an organization that sets best practices for cloud computing security. CSA provides security certifications, research, and resources to engage with the larger security community. CSA also oversees the Cloud Controls Matrix.

The cloud is a nebulous concept, and cloud adoption looks different from business to business. There are many ways to run an application in the cloud (AWS alone supports over 200 different cloud services). And companies often utilize a mixture of multiple clouds and hybrid cloud architectures, further ballooning the potential threat landscape.

Maintained by the Cloud Controls Matrix Working Group, the CSA Cloud Controls Matrix (CCM) provides a means to audit cloud environments for industry-accepted standards and regulations. The Matrix provides systematic processes for assessing the security of many different cloud computing arrangements. Application security, configuration management, compliance, and identity and access management are just several of the many security domains covered in the Matrix.

Keep in mind that CSA’s business model is built around membership and certifications. However, you can use the CCM without a license for internal purposes.

4. ISO 27000 Standards

The International Organization for Standardization (ISO) is an international non-governmental organization that publishes many different types of standards. The ISO/IEC 27000 family of standards relates to information security. Of these, ISO/IEC 27001 is the most well-known: it specifies the requirements for an information security management system (ISMS).

The ISO 27000 standards present a code of practice for modern security techniques. Similar to NIST, the framework doesn’t promote a single vendor’s solution, but ISO goes into somewhat more detail than the NIST controls. Although ISO certification is not obligatory, many digital companies hire an accredited third-party auditor to certify their compliance.

5. AWS Benchmarks

Amazon Web Services (AWS) is compliant with NIST 800-53 and other security frameworks. Although the AWS cloud infrastructure itself inherits these security benchmarks, that compliance is independent of customer actions. How you use the cloud and what you store in it could still violate NIST controls. For example, the operating systems, deployed applications, or firewalls hosted in the cloud can still be misconfigured.

To help its customers align with NIST requirements, AWS offers a handy downloadable matrix. If you’re on AWS, it can be a useful guide to securing and configuring your software components properly.

Combine and Refine

Since diversification can widen your threat knowledge and better inform your security posture, organizations will probably seek to follow multiple security frameworks simultaneously. Another benefit is improved partner relations: if third parties see your organization as compliant, they can place better faith in your data-handling processes. This is all the more critical for complying with new data privacy regulations.

To review:

  • NIST publishes government-grade general cybersecurity guidelines.
  • CIS presents specific benchmarks around technology vendors and specific software systems.
  • CSA oversees recommendations on cloud security assurances and compliances.
  • ISO standards are globally-recognized security requirements.
  • AWS offers materials for customers to meet NIST requirements.

While the five benchmarks above represent the most adopted ones, it should be noted that 10% of organizations also follow other cybersecurity control frameworks. Others include COBIT, HIPAA, and GDPR. Aside from these control frameworks, subscribing to databases of common vulnerabilities and exposures (CVEs) can be another effective way to keep on top of new security threats.


Bill Doerrfeld

Bill Doerrfeld, an Acceleration Economy Analyst focused on Low Code/No Code & Cybersecurity, is a tech journalist and API thought leader. Bill has been researching and covering SaaS and cloud IT trends since 2013, sharing insights through high-impact articles, interviews, and reports. Bill is the Editor in Chief for Nordic APIs, one the most well-known API blogs in the world. He is also a contributor to DevOps.com, Container Journal, Tech Beacon, ProgrammableWeb, and other presences. He's originally from Seattle, where he attended the University of Washington. He now lives and works in Portland, Maine. Bill loves connecting with new folks and forecasting the future of our digital world. If you have a PR, or would like to discuss how to work together, feel free to reach out at his personal website: www.doerrfeld.io.
