
Tenable Blog


Leveraging NIST Standards to Build Your Enterprise Security

The federal government has produced a body of standards and guidelines—including the NIST Cybersecurity Framework—that can help the private sector as well as government agencies improve information security. Automation can help you take full advantage of these standards.

The U.S. Department of Defense (DOD) now requires contractors holding sensitive government information on their IT systems to comply, by the end of 2017, with the federal cybersecurity guidelines spelled out in Special Publication 800-171 from the National Institute of Standards and Technology (NIST).

The DOD mandate reflects what a department spokesperson called the “urgent need to increase cybersecurity requirements.” The guidelines are crafted specifically for the private sector and provide a path to security for contractors using government controlled unclassified information (CUI).

This is an example of how government standards are shaping private sector cybersecurity.

The trend toward standardized security


Corporate enterprises increasingly are taking advantage of security standards developed by and for the federal government. With the recognition that private sector cybersecurity is essential to national security and the national economy, NIST is helping to create a foundation of standards, best practices and guidance that can be applied across the nation’s information infrastructure.

Some efforts, such as the Security Content Automation Protocol (SCAP), have already had a major impact. The requirement that government agencies use tools that comply with the SCAP open security standards has resulted in the availability of a wide range of commercial products that also help companies automate security monitoring and scanning. Other programs are being crafted specifically for the private sector, such as the NIST Framework for Improving Critical Infrastructure Cybersecurity, commonly referred to as the Cybersecurity Framework (CSF).

The core of NIST security guidance is the extensive catalog of security controls contained in SP 800-53. These controls, together with industry standards and best practices, are used to produce flexible, interoperable guidelines that can be adapted to fit the needs of organizations of almost any type and size. Because of this integration and flexibility, organizations can easily find the appropriate security controls for meeting the requirements of their own security policies and for complying with industry or government regulation.


As a result, government security standards and guidance are finding wide adoption in the private sector. Adoption of guidance such as the Cybersecurity Framework is becoming viewed as a best practice, helping organizations move beyond mere regulatory compliance to effective risk management. A Gartner study estimated that 30 percent of U.S. organizations were using the CSF in 2015 and predicted that it would be 50 percent by 2020.

Automation helps leverage standards-based security

Although the Cybersecurity Framework was created to adapt to the needs of organizations of all sizes, implementing it is not necessarily easy when IT budgets and resources are stretched thin. Manual assessment, configuration and validation of controls and settings can be time consuming and resource intensive. Automation can replace manual processes to help ease the adoption of the CSF and other standards.


SecurityCenter™ from Tenable Network Security was validated for compliance with SCAP 1.2 in 2015. At RSA Conference 2016, Tenable also announced a new solution making it easier for companies and government agencies to ensure conformance with CSF. SecurityCenter Continuous View™ (SecurityCenter CV™) includes the industry’s first CSF dashboards to provide a unified view of the organization’s IT landscape. It replaces manual processes by automating:

  • Conformance assessments to evaluate the technical controls in place and validate that they are operating effectively.
  • Continuous monitoring across both industrial control systems and IT networks, including physical and virtual infrastructure, cloud, and mobile environments.
  • CSF-specific customizable Assurance Report Cards (ARCs) and dashboards to provide a unified view of conditions.
  • Comparison of current security posture to a target security profile to identify gaps and create a roadmap to a defensible security program.

SecurityCenter CSF Dashboard

To learn more about how SecurityCenter CV can help you take advantage of the Cybersecurity Framework, visit Tenable Network Security.
