WASHINGTON, USA — The General Secretariat of the Organization of American States (OAS) and Amazon Web Services, Inc. (AWS), an Amazon.com company, on August 30, presented the white paper “NIST Cybersecurity Framework (CSF): A comprehensive approach to cybersecurity,” which addresses the main advantages and opportunities offered by the National Institute of Standards and Technology (NIST) methodology for cyber risk management in all technology services, from common web applications to critical infrastructures.
The publication, the fifth in a series of collaborative white papers, is part of a work between the two organizations with a focus on helping government leaders and others in the private and public sectors to increase their knowledge of cybersecurity, becoming better prepared to support their citizens and organizations.
The document addresses the process from the creation of the NIST Cybersecurity Framework (CSF) in 2013 until the launch of its second version in 2018. It also details a strategy for governmental adoption of this framework and two global case studies on countries applying the framework, using different approaches; the United Kingdom and Uruguay.
The OAS secretary for multidimensional security, Farah Urrutia, said, “cybersecurity is one of the main challenges for the nations in our hemisphere, which are adopting a comprehensive approach to ensure an open, secure, and reliable digital environment throughout the Americas. The document that we present today contributes substantively to the knowledge of our member states in this area and is part of a long and fruitful collaboration between the OAS and AWS.”
In agreement, Abby Daniel, AWS public sector manager for business development, points out that “Cybersecurity is just not a tech challenge, solved only in acquiring a technical solution. It is a business issue that must be addressed comprehensively through people, processes, and technology.
The NIST CSF provides a comprehensive and programmatic approach to bridge the organization’s businesses objectives with their security objectives, integrates with other industry security control standards, and is flexible so that any organization can adapt to best suit their needs.” The executive also reinforced that “the NIST framework enables organizations to easily adopt technologies as cloud computing services, such as IoT, artificial intelligence and machine learning, based on capabilities rather than narrow security controls brought over from legacy technology”.