Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

NIST Cybersecurity Framework Adoption on the Rise

Security is top of mind for every organization, and in today’s complex IT environment, it can be a challenge for CISOs to ensure their security programs are performing efficiently and effectively. Over the years numerous security frameworks, guidelines and regulations have been created to help organizations stay on track. This week Tenable Network Security released results from the Trends in Security Framework Adoption Survey to better understand adoption patterns for widely used security frameworks, based on research conducted by Dimensional Research of more than 300 IT and security professionals in the U.S.

Overwhelming adoption rates

84% of organizations across a wide range of sizes and industries already leverage some type of security framework

The survey reveals that 84% of organizations across a wide range of sizes and industries already leverage some type of security framework. The most widely used frameworks include the U.S. National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework), Payment Card Industry Data Security Council Standard (PCI DSS), Center for Internet Security Critical Security Controls (CIS) and the ISO/IEC 27001/27002 (ISO).

The industries most reliant on security frameworks include Banking and Finance with 88% adopting at least one framework, Information Technology (87%), Government (86%) and Manufacturing (83%). Only 77% of Education and 61% of Healthcare respondents report having a security framework in place. Results also show that 44% of organizations use more than one security framework.

NIST CSF emerging as best practice

Following a security framework engenders confidence in an organization’s security posture. According to the survey results, 29% of organizations leverage the NIST Cybersecurity Framework (CSF) and overall security confidence is higher for those using this framework. Additionally, more than 70% of respondents who have adopted or plan to adopt the NIST CSF view it as an industry best practice. It’s also the most likely security framework to be adopted by organizations over the next year.

More than 70% of respondents who have adopted or plan to adopt the NIST CSF view it as an industry best practice

Industries already using the NIST CSF are the Government (14%) and Banking and Finance (18%). Even though NIST CSF consists of standards, guidelines, and practices designed to promote the protection of critical infrastructure, it has emerged as one of the most thorough and reliable cybersecurity frameworks available to organizations of all types and sizes.

While the survey indicates larger organizations (5,000 employees or more) are more likely to adopt the NIST CSF (37%), 17% of smaller organizations surveyed (100 to 1,000 employees) also rely on this framework to maintain their security posture. Larger organizations may be more likely to have a security framework in place if they have more staff and a bigger budget to secure a larger network.

Adoption barriers

Despite the overwhelmingly positive feedback on the NIST Cybersecurity Framework, there are still barriers standing in the way of its full adoption. Organizations that have already adopted the NIST CSF cite a lack of regulatory requirements and a perceived large investment as obstacles preventing them from implementing all of the recommended controls.

Regulatory requirements and a perceived large investment are obstacles preventing implementation of all the CSF recommended controls

In fact, 64% of respondents from organizations currently using the NIST CSF implement some of the NIST recommended controls, but not all of them. Similarly, 83% of organizations that plan to adopt the NIST CSF in the next year report they will adopt some, but not all of the CSF controls. This is potentially unsettling; if organizations only conform to some suggested security controls, that could leave them vulnerable to gaps in network protection, inviting compromise and breaches. Comprehensive security is the best way to ensure CISOs won’t be left in the dark.

A Tenable solution

Tenable makes it easier for businesses and government organizations to adopt and benefit from the NIST Cybersecurity Framework. We recently introduced the industry’s first and only solution for automating the assessment of more than 90% of the NIST CSF technical controls. Using the NIST Cybersecurity Framework dashboards and reports built into SecurityCenter Continuous View™, you can rapidly evaluate, measure and report on conformance with the framework. Tenable also enables effective communication of the NIST CSF technical controls in business language that executives and boards of directors can understand, using built-in Assurance Report cards (ARCs).

More information

Want to know more? Check out these resources:

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Formerly Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Formerly Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training