CIS Controls Ranked as a Leading Framework in Trends in Security Framework Adoption Survey

May 10, 2016


The CIS Critical Security Controls™ for Effective Cyber Defense (CIS Controls) ranked as a leading framework in use along with the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity in a recent survey. The Trends in Security Framework Adoption survey by Dimensional Research was conducted on behalf of Tenable Network Security® and released in March 2016. The survey queried 338 IT security professionals about the use of security frameworks. The research concluded that 84 percent used some type of security framework and most organizations surveyed used more than one security framework.

“The Tenable survey shows strong adoption of both the NIST Cybersecurity Framework [CSF] and the CIS Controls, and notes that this is not an ‘either-or’ situation. The CIS Controls complement the overarching NIST CSF with a specific action plan to focus on the most effective technical controls that stop cyber attacks,” said CIS Senior Vice President Tony Sager. “By aligning the CIS Controls with the NIST CSF, we provide an ‘on-ramp’ to rapid security improvements for enterprises in a way that can be sustained, explained, and made part of the larger corporate risk management process,” he added.

The CIS Controls are a concise, prioritized set of practices that outline what every organization should do as its first steps in cybersecurity. They have been proven to mitigate 85 percent of the most common vulnerabilities. One of the benefits of the CIS Controls is that they are developed by experts based on their first-hand experience in the security field and are derived from actual threat data from a variety of public and private sources. In addition to being prioritized and relevant, the CIS Controls are updated regularly to stay in step with cybersecurity’s ever-changing threat environment.

The current version of the CIS Controls, which are aligned to NIST guidance, has been downloaded 32,838 times since October 2015. The CIS Controls are used by organizations around the world as a means to operationalize cybersecurity best practice.

Both the CIS Controls and the NIST CSF were considered as best practices in the Tenable survey. CIS has been a longstanding supporter of the NIST CSF, attending the initial public workshops and providing input to the public comment process.

The NIST CSF calls out the CIS Controls as one of the “Informative References” – a way to help users implement the CSF using an existing, supported methodology. Since its publication, CIS has made the Framework an important element of its programs, mission evolution, and messaging. CIS provides a mapping to the NIST CSF and other security frameworks on its website.

Visit Tenable's Survey Report to read the executive summary of the survey.

About Tenable Network Security

Tenable provides security solutions that deliver continuous visibility and critical context to help organizations in all sectors eliminate blind spots, prioritize threats, and reduce exposure and loss.

About the Center for Internet Security

The Center for Internet Security (CIS) is a 501(c)(3) organization dedicated to enhancing the cybersecurity readiness and response among public and private sector entities. Utilizing its strong industry and government partnerships, CIS combats evolving cybersecurity challenges on a global scale and helps organizations adopt key best practices to achieve immediate and effective defenses against cyber attacks. CIS is home to the Multi-State Information Sharing & Analysis Center (MS-ISAC), CIS Security Benchmarks, and CIS Critical Security Controls. To learn more, visit and follow us on Twitter: @CISecurity.