Find a pentest company with NIST CSF
39 companies have this certification
Origin of the NIST Cybersecurity Framework
The NIST Cybersecurity Framework (CSF) was developed by the National Institute of Standards and Technology, a non-regulatory agency within the U.S. Department of Commerce. It was created in response to Executive Order 13636, signed by President Obama in February 2013, which directed NIST to develop a voluntary framework to help organizations manage cybersecurity risks. The framework was first released in February 2014 after extensive collaboration between government and private sector stakeholders across critical infrastructure sectors. Version 1.1 was released in April 2018, and the most recent version 2.0 was published in February 2024.
Industry Value and Importance
The NIST CSF is highly valued because it provides a flexible, risk-based approach to cybersecurity that organizations of any size or sector can adapt to their needs. Unlike prescriptive standards, it offers a common language for understanding and managing cybersecurity risks across organizational levels, from executives to technical staff. The framework is widely adopted both domestically and internationally because it's technology-neutral, cost-effective to implement, and aligns well with other security standards and regulations. Many organizations use it to assess their cybersecurity posture, communicate about security initiatives, and demonstrate due diligence to stakeholders, partners, and regulators.
RAVUS LLC
Cybersecurity company specializing in penetration testing and vulnerability scanning; veteran-owned small business founded in 2021 with 4 employees; based in Montgomery, Alabama, United States; focuses on safeguarding systems, data, and operations with a mission-driven approach.
Bishop Fox
Bishop Fox is a private cybersecurity firm specializing in offensive security, including continuous penetration testing, red teaming, and attack surface management; 235 employees, founded in 2005, headquartered in Tempe, Arizona; $75M annual revenue, $197.1M total funding, Series B in 2022-11-15; recognized leader in pentesting and security assessments.
Truvantis, Inc.
Cybersecurity consulting firm specializing in security and privacy testing, program implementation, compliance assessments, and outsourcing; provides penetration testing services including network and small-business pentests with an offensive security focus; based in San Francisco, California, with 8 employees and $2.2M annual revenue.
eSecurity Solutions
Cybersecurity service provider based in Irvine, California; offers GRC, managed security, cyber insurance, and penetration testing services including red team and continuous testing.
Symosis Security
Symosis Security LLC. is a California-based private cybersecurity company founded in 2004, with 5 employees and $2.3M annual revenue; specializes in penetration testing, vulnerability assessments, security architecture, threat modeling, cloud security, and red teaming, serving clients with comprehensive security services and active in risk & compliance markets.
One82, LLC.
California-based IT support and cybersecurity firm specializing in penetration testing and vulnerability assessments; headquartered in Los Gatos, CA, with active security testing services.
Charles IT
Connecticut-based IT services provider specializing in cybersecurity solutions such as penetration testing; operates from Middletown, CT, with additional offices in Stamford; offers managed security services and emphasizes security assessments through dedicated pen testing offerings.
Stop wasting time on security questionnaires
ResponseHub uses AI to automate your security questionnaire responses. 100% confidence, save days, unblock deals.
Catalisto
Cybersecurity and IT services company specializing in penetration testing; provides external and internal pentest services to critical infrastructure and corporate clients; 9 employees; Founded 2018; Fort Lauderdale, FL.
I.t. Consulting St Petersburg LLC
Cybersecurity firm based in St. Petersburg, Florida; provides penetration testing services including external penetration testing and security assessments; founded in the United States with a focus on SMB cybersecurity needs.
UncommonX
Cybersecurity company headquartered in Chicago, Illinois; specializes in advanced security solutions including penetration testing, vulnerability assessments, and web application security; has achieved zero reportable breaches and offers 24/7 SOC monitoring.
Pondurance
Cybersecurity company specializing in Managed Detection and Response (MDR) services; offers penetration testing, application security testing, and red-team exercises; 84 employees, $8M revenue, founded 2008 in Indianapolis, Indiana; ranked #5,711,096 globally and #1,712,205 in the US.
Pendragon Security
Cybersecurity company specializing in penetration testing, risk management, and physical security; 2 employees with +200% YoY growth; founded 2019; headquartered in Sulphur, Louisiana, USA. Offers integrated vCISO services combining cyber, physical, and personal security expertise.
Tiro Security
Cybersecurity staffing and consulting company specializing in security assessment and penetration testing; 4 employees with 14.3% growth, $3.7M revenue; based in Henderson, Nevada, founded 2012.
HIFENCE
Cybersecurity firm based in New York, NY; specializes in penetration testing services including network, server, application, and API testing, with a focus on simulating real-world attacks to identify vulnerabilities.
Advertise on pentest.fyi
You could be here!
Blair Carlisle
Cybersecurity consulting firm specializing in technology risk, compliance, and cybersecurity advisory; headquartered in Columbus, Ohio, with a focus on penetration testing services to evaluate and improve security defenses.
Breach Craft
Cybersecurity consulting firm specializing in penetration testing, vulnerability assessments, and virtual CISO services; 3 employees with +200% YoY growth; based in Havertown, Pennsylvania, USA; founded by seasoned cybersecurity practitioners, focusing on deep industry knowledge and innovative security solutions.
Seiso
Cybersecurity company based in Gibsonia, Pennsylvania; offers penetration testing services including enterprise and targeted assessments; founded in Pennsylvania, with a focus on GRC, cloud, CMMC, and vCISO solutions.
ZAVIANT
ZAVIANT is a private IT services and consulting company specializing in data privacy, security, and risk management; with 13 employees, headquartered in Philadelphia, Pennsylvania, and offering penetration testing services as part of their cybersecurity offerings. The firm actively engages in privacy and security consulting, with recent growth and regional recognition.
The Oxman Group LLC
Computer and Network Security company based in Fort Worth, Texas; provides penetration testing, risk assessments, and executive security services; $1.7M annual revenue, founded 2013, 1-10 employees, -100% YoY growth, specializing in cybersecurity consulting and testing.
Tekzys
Cybersecurity and managed IT services provider headquartered in Dallas, Texas; offers penetration testing services to identify and mitigate vulnerabilities, supporting nationwide security needs.
ISSE Services
Defense and space manufacturing company specializing in cybersecurity engineering, monitoring, and compliance; 27 employees (+12.9% YoY growth), founded 2006, headquartered in Clearfield, Utah, United States. Provides penetration testing services to government and commercial clients, with a woman-owned small business status.
Data Pulse Tech
Cybersecurity firm based in Ashburn, Virginia, specializing in penetration testing and vulnerability research; offers comprehensive security assessments for networks, applications, and systems.
Assured Enterprises, Inc.
Cybersecurity company based in Vienna, Virginia, specializing in penetration testing services; explicitly lists troubleshooting and pentest operations on its site, confirming active pentest capabilities.
Benijah Consulting
Cybersecurity consulting firm headquartered in Brussels, Belgium; specializes in penetration testing services, explicitly offering 'Penetration tests' as part of cybersecurity audits and pentest solutions.
ThreatScene
ThreatScene is a private IT Services and IT Consulting firm specializing in cybersecurity solutions, including penetration testing, incident response, threat intelligence, and digital forensics. Founded in 2024 and headquartered in Athens, Greece, it has 15 employees and experienced 100% YoY growth. The company provides top-tier cybersecurity services to public bodies, B2B enterprises, defense, maritime, and critical infrastructure sectors, focusing on protecting organizations from evolving cyber threats.
AMARU
IT services and consulting company specializing in cybersecurity; 6 employees with 80% YoY growth; based in Auckland, New Zealand; founded 2019; offers CREST-certified penetration testing, risk assessments, security compliance, and incident response services, serving New Zealand clients.
Cypherleap
Australian cybersecurity consultancy based in Pyrmont, NSW; specializes in penetration testing services including infrastructure, web, API, and mobile pentests, with a focus on proactive security and adversarial simulations.
Cyberensic
Cyberensic is an Australian cybersecurity consultancy headquartered in Barangaroo, NSW; it specializes in tailored cybersecurity solutions and strategic security assessments. The company provides penetration testing (pentest) services, including secure ethical hacking, and is supported by an Australian ABN, with operations confirmed in Sydney, Australia.
Untapped Group
Non-profit Human Resources Services organization based in Melbourne, Australia; founded in 2017 with 9 employees, focusing on neurodiversity inclusion, training, cybersecurity, and life skills; actively advocates for neurodiverse employment and ecosystem development.
Stop wasting time on security questionnaires
ResponseHub uses AI to automate your security questionnaire responses. 100% confidence, save days, unblock deals.
GreyDetect
Cybersecurity company specializing in penetration testing services such as mobile, web application, cloud, and API testing; 5 employees with stable staffing; headquartered in Canada; focuses on data privacy, cyber risk, and ISO27001 compliance.
Coolidge Solutions
Cybersecurity and data analytics company based in Toronto, Canada; specializes in penetration testing, cybersecurity risk management, and compliance (PCI DSS, SOC 2); 2 employees, $3.57M revenue, founded 2013, with a focus on cybersecurity transformation and payment security.
Cyberometrics
Cyberometrics is a Canada-based cybersecurity firm headquartered in Toronto, Ontario, specializing in end-to-end security solutions including penetration testing, risk assessments, infrastructure hardening, compliance readiness, and 24/7 AI-powered protection; supports standards like ISO27001, SOC2, ISM3, NIST CSF, and employs tools such as Fortinet, Azure Security Center, OWASP ZAP, and Nessus.
Coral eSecure Private Limited
Canadian-based cybersecurity consulting firm specializing in penetration testing, privacy, and compliance standards; with 20+ years of experience, $10M annual revenue, and a focus on certification support for standards like SOC, NIST, HIPAA, GDPR, and ISO 27701.
Cybercontrols.io
Cybercontrols.io is a UK-based infosec consultancy providing cybersecurity and compliance services, including penetration testing, internal audits, and endpoint security; founded in 2022, with 4 employees and +300% YoY growth, headquartered in Morpeth, UK.
CyberFortis Consulting
UK-based IT and cybersecurity consulting firm specializing in penetration testing, threat intelligence, risk assessments, and compliance services; 4 employees; founded 2019; offers explicit pentest services; serves clients across UK, EU, Australia, New Zealand, and USA.
Stefanini Cyber
Brazil-based IT services and cybersecurity company specializing in managed security services, penetration testing, vulnerability analysis, and threat detection; 179 employees with a 59.9% YoY decline; recognized leader in managed security by ISG Provider Lens; part of Stefanini Group, founded in 2016, headquartered in São Paulo.
Delta Protect
Cybersecurity company specializing in pentesting, compliance, and digital risk management; 29 employees, founded 2019, headquartered in Mexico City, Mexico; offers penetration testing, vulnerability analysis, and cyber intelligence services, with 41,903 monthly visits and a global rank of #680,565.
Hkmx Sc
Mexico-based cybersecurity firm specializing in risk management, vulnerability assessment, and penetration testing; offers security strategy, compliance, and certification services aligned with ISO 27001, NIST CSF, and ISO 22301; headquartered in Monterrey, Nuevo León, Mexico.
Layer 8 Security
Cybersecurity company specializing in penetration testing and network security; 9 employees with 9.1% YoY growth, founded in 2015, based in Lima, Peru. Provides services including vulnerability assessments, impact analysis, and remediation recommendations, with a focus on pentesting and cybersecurity solutions.