RSA Survey: 72% of IT Security Professionals Say Government Should Offer Tax Incentives for NIST Framework Adoption

Tripwire Survey Examines Views of 150 Information Security Professionals at Annual Information Security Conference

Portland, OR — March 10, 2014 Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, today announced the results of a survey of over 150 attendees at the RSA Conference USA 2014 in San Francisco, California.

The National Institute of Standards and Technology (NIST) introduced a new cybersecurity framework  on February 12th, 2014. While federal contractors must demonstrate some form of adoption, the framework is completely voluntary for organizations in the private sector. When asked, “Should NIST offer tax incentives to the private sector to increase adoption of the NIST Framework,” 72 percent of survey respondents said “yes.”

“It’s encouraging that security professionals are optimistic about the potential of a tax incentive to drive adoption of NIST cybersecurity framework,” said Dwayne Melancon, chief technology officer for Tripwire. “However, in spite of the potential ‘carrot,’ I suspect a lot of private sector organizations will only pay lip service to the NIST framework until there is a ‘stick’ to motivate them. That said, there have been many discussions among private sector organizations regarding the possible use of the NIST cybersecurity framework as the ‘standard of care’ against which organizational security efforts will be measured. If corporate boards and lawyers get involved, in addition to a tax motivation, the resulting momentum could be enough to significantly change the adoption curve.”

For more information please visit


About Tripwire

Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Learn more at or follow us @TripwireInc on Twitter.