NIST Cybersecurity Framework Adoption Linked to Higher Security Confidence According to New Research from Tenable Network Security

More organizations plan to adopt the NIST Cybersecurity Framework in the next 12 months than any other IT security framework, yet many struggle to implement the full range of best practices

Tenable Network Security, Inc., a global leader transforming security technology for the business needs of tomorrow, revealed today that overall security confidence was higher for organizations leveraging the U.S. National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework), according to findings from the Trends in Security Framework Adoption Survey (PDF).

The survey tallied responses from more than 300 U.S. security professionals from organizations of all sizes across key industry verticals to better understand the adoption patterns of the top security frameworks. While 84 percent of survey respondents reported using at least one security framework, 16 percent still do not leverage any security framework. According to survey data, the NIST Cybersecurity Framework is the most likely security framework to be adopted by organizations over the next year.

“Historically, CISOs have been hesitant to take full advantage of the NIST Cybersecurity Framework because of a high investment requirement and a lack of regulatory mandate,” said Ron Gula, CEO, Tenable Network Security. “This is changing as organizations begin to shift their mindset from moment-in-time compliance with frameworks like PCI DSS to continuous conformance with the NIST Cybersecurity Framework.”

Despite 70 percent of respondents praising the NIST Cybersecurity Framework as an industry best practice, more than 50 percent of current and future adopters said the level of investment needed in order to fully conform with the framework was high.

The lack of regulatory requirement and high perceived investment means many organizations that have already adopted the NIST Cybersecurity Framework do not implement all of its recommendations. Sixty-four percent of respondents from organizations currently using the NIST CSF reported implementing some of the NIST recommended controls, but not all of them. Similarly, 83 percent of organizations that plan to adopt the NIST Cybersecurity Framework in the next year said they will adopt some, but not all of the NIST Cybersecurity Framework controls.

To make it easier for companies and government organizations to adopt and benefit from the NIST Cybersecurity Framework, Tenable recently introduced its NIST CSF solution, which includes the industry’s first and only NIST CSF dashboards, in Tenable’s SecurityCenter Continuous View™.

“The NIST Cybersecurity Framework is one of the most thorough and reliable cybersecurity frameworks available, but it can be challenging for CISOs to conform to these standards all the time,” said Gula. “Tenable’s NIST Cybersecurity Framework solution helps automate and simplify NIST framework adoption, giving organizations the complete visibility and critical context needed to continuously conform to NIST best practices.”

For more information on how organizations can automate the assessment and operation of more than 90 percent of NIST Cybersecurity Framework technical controls to measure conformance across the entire IT environment, visit tenable.com/solutions/nist-cybersecurity-framework.

To further explore the automation and measurement capabilities of Tenable’s NIST CSF dashboards, register for the upcoming webinar,  “Automate Simplify and Communicate NIST CSF Conformance,” at 2 p.m. ET on April 8, 2016.