NIST, CIS Security Frameworks See Mainstream Adoption


Security frameworks continue to see adoption, with the CIS Critical Security Controls for Effective Cyber Defense (CIS Controls) ranked as a leading framework in use, along with the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity. An adoption survey from Dimensional Research concluded that 84% of respondents used some type of security framework, and most organizations surveyed used more than one.  “The…survey shows strong adoption of both the NIST Cybersecurity Framework [CSF] and the CIS Controls, and notes that this is not an ‘either-or’ situation. The CIS Controls complement the overarching NIST CSF with a specific action plan to focus on the most effective technical controls that stop cyber attacks,” said CIS SVP Tony Sager. “By aligning the CIS Controls with the NIST CSF, we provide an ‘on-ramp’ to rapid security improvements for enterprises in a way that can be sustained, explained, and made part of the larger corporate risk management process.”