NIST Cybersecurity Framework Adoption Linked to Higher Security Confidence According to New Research

More organisations plan to adopt the NIST Cybersecurity Framework in the next 12 months than any other IT security framework, yet many struggle to implement the full range of best practices

Tenable Network, revealed that overall security confidence was higher for organisations leveraging the U.S. National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework), according to findings from the Trends in Security Framework Adoption Survey (PDF).

The survey tallied responses from more than 300 U.S. security professionals from organisations of all sizes across key industry verticals to better understand the adoption patterns of the top security frameworks. While 84 percent of survey respondents reported using at least one security framework, 16 percent still do not leverage any security framework. According to survey data, the NIST Cybersecurity Framework is the most likely security framework to be adopted by organizations over the next year.

“Historically, CISOs have been hesitant to take full advantage of the NIST Cybersecurity Framework because of a high investment requirement and a lack of regulatory mandate,” said Ron Gula, CEO, Tenable Network Security. “This is changing as organisations begin to shift their mindset from moment-in-time compliance with frameworks like PCI DSS to continuous conformance with the NIST Cybersecurity Framework.”

Despite 70 percent of respondents praising the NIST Cybersecurity Framework as an industry best practice, more than 50 percent of current and future adopters said the level of investment needed in order to fully conform with the framework was high.

The lack of regulatory requirement and high perceived investment means many organizations that have already adopted the NIST Cybersecurity Framework do not implement all of its recommendations. Sixty-four percent of respondents from organisations currently using the NIST CSF reported implementing some of the NIST recommended controls, but not all of them. Similarly, 83 percent of organisations that plan to adopt the NIST Cybersecurity Framework in the next year said they will adopt some, but not all of the NIST Cybersecurity Framework controls.

To make it easier for companies and government organisations to adopt and benefit from the NIST Cybersecurity Framework, Tenable recently introduced its NIST CSF solution, which includes the industry’s first and only NIST CSF dashboards, in Tenable’s SecurityCenter Continuous View™.

“The NIST Cybersecurity Framework is one of the most thorough and reliable cybersecurity frameworks available, but it can be challenging for CISOs to conform to these standards all the time,” said Gula. “Tenable’s NIST Cybersecurity Framework solution helps automate and simplify NIST framework adoption, giving organizations the complete visibility and critical context needed to continuously conform to NIST best practices.”

For more information on how organisations can automate the assessment and operation of more than 90 percent of NIST Cybersecurity Framework technical controls to measure conformance across the entire IT environment, visit

Original research for the Trends in Security Framework Adoption Survey was commissioned by Tenable and conducted by Dimensional Research, a market research firm providing practical insights for technology companies. To view or download an executive summary of the research findings, visit