Cybersecurity Frameworks and Foundational Security Controls – a Survey of IT Security Professionals

When it comes to security framework and foundational control adoption, how do your efforts compare?

Foundational security controls are shared by many prominent security frameworks – and are an important starting point for achieving cybersecurity effectiveness and efficiency. While this is widely recognized, evidence suggests adoption of foundational controls, specifically the Center for Internet Security (CIS) Critical Security Controls 1 – 5, remains difficult.

To help you understand the state of foundational control adoption, Tenable and the Center for Internet Security co-sponsored a Dimensional Research study on the topic. Using survey data from 319 IT security decision makers at companies with more than 100 employees, this report quantifies adoption and maturity of cybersecurity frameworks and their underlying foundational security controls.

Key Findings

• Security teams are on a framework adoption journey – 80% use a security framework today
• Fewer than half (44%) have had a framework in place for more than 12 months
• Impact of frameworks – 95% have seen benefits from framework adoption
• Adoption is challenging – 95% have faced organizational or technical roadblocks
• Automation is lagging – 44% have automated fewer than 1/3 of the foundational controls