Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

NIST Cybersecurity Framework Adoption Linked to Higher Security Confidence According to New Research from Tenable Network Security

March 29, 2016

Columbia, MD

More organizations plan to adopt the NIST Cybersecurity Framework in the next 12 months than any other IT security framework, yet many struggle to implement the full range of best practices

Tenable Network Security, Inc., a global leader transforming security technology for the business needs of tomorrow, revealed today that overall security confidence was higher for organizations leveraging the U.S. National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework), according to findings from the Trends in Security Framework Adoption Survey (PDF).

The survey tallied responses from more than 300 U.S. security professionals from organizations of all sizes across key industry verticals to better understand the adoption patterns of the top security frameworks. While 84 percent of survey respondents reported using at least one security framework, 16 percent still do not leverage any security framework. According to survey data, the NIST Cybersecurity Framework is the most likely security framework to be adopted by organizations over the next year.

“Historically, CISOs have been hesitant to take full advantage of the NIST Cybersecurity Framework because of a high investment requirement and a lack of regulatory mandate,” said Ron Gula, CEO, Tenable Network Security. “This is changing as organizations begin to shift their mindset from moment-in-time compliance with frameworks like PCI DSS to continuous conformance with the NIST Cybersecurity Framework.”

Despite 70 percent of respondents praising the NIST Cybersecurity Framework as an industry best practice, more than 50 percent of current and future adopters said the level of investment needed in order to fully conform with the framework was high.

The lack of regulatory requirement and high perceived investment means many organizations that have already adopted the NIST Cybersecurity Framework do not implement all of its recommendations. Sixty-four percent of respondents from organizations currently using the NIST CSF reported implementing some of the NIST recommended controls, but not all of them. Similarly, 83 percent of organizations that plan to adopt the NIST Cybersecurity Framework in the next year said they will adopt some, but not all of the NIST Cybersecurity Framework controls.

To make it easier for companies and government organizations to adopt and benefit from the NIST Cybersecurity Framework, Tenable recently introduced its NIST CSF solution, which includes the industry’s first and only NIST CSF dashboards, in Tenable’s SecurityCenter Continuous View™.

“The NIST Cybersecurity Framework is one of the most thorough and reliable cybersecurity frameworks available, but it can be challenging for CISOs to conform to these standards all the time,” said Gula. “Tenable’s NIST Cybersecurity Framework solution helps automate and simplify NIST framework adoption, giving organizations the complete visibility and critical context needed to continuously conform to NIST best practices.”

For more information on how organizations can automate the assessment and operation of more than 90 percent of NIST Cybersecurity Framework technical controls to measure conformance across the entire IT environment, visit tenable.com/solutions/nist-cybersecurity-framework.

To further explore the automation and measurement capabilities of Tenable’s NIST CSF dashboards, register for the upcoming webinar,  “Automate Simplify and Communicate NIST CSF Conformance,” at 2 p.m. ET on April 8, 2016.

Original research for the Trends in Security Framework Adoption Survey was commissioned by Tenable and conducted by Dimensional Research, a market research firm providing practical insights for technology companies. To view or download an executive summary of the research findings, visit tenable.com/marketing/tenable-csf-report.pdf.

About Tenable

Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver Tenable.io®, the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 20 percent of the Global 2000 and large government agencies. Learn more at tenable.com.

Contact Information:

Cayla Baker
[email protected]
(443) 539-6476

Try for Free Buy Now

Try Tenable.io Vulnerability Management


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.