This chapter focuses on Amazon Web Services (AWS) solutions and capabilities supporting the core that can enable one to achieve the security outcomes in the Cybersecurity Framework (CSF). It also describes how AWS services that have been accredited under FedRAMP Moderate and ISO 9001/27001/27017/27018 align to the CSF. The core references security controls from widely adopted, internationally recognized standards such as ISO/IEC 27001, NIST 800‐53, and Control Objectives for Information and Related Technology. The chapter addresses the six categories that comprise the “Protect” function: access control, awareness and training, data security, information protection processes and procedures, maintenance, and protective technology. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. Amazon Macie provides a key data classification capability that prevents many threats to organizations. The Recovery function is addressed by Amazon Glacier, AWS CloudFormation, CloudEndure Disaster Recovery, and AWS OpsWorks.