U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

Performance Measurement Guide for Information Security: Pre-Draft Call for Comments
September 24, 2020

NIST is planning to update NIST Special Publication (SP) 800-55 Revision 1, Performance Measurement Guide for Information Security. For more details on an opportunity to provide input, see the Call for Comments which is open through December 10, 2020 November 19, 2020.

Even as cybersecurity-based risks and the costs of dealing with those risks are increasing, measuring cybersecurity remains an under-developed topic—one in which there is not even a standard taxonomy for terms such as “measurements” and “metrics.” Development of, and agreement on, reliable ways to measure risk and effectiveness would be a major advancement and contribution not only to the cybersecurity community but much more broadly.

Building on its previous efforts, NIST is undertaking a more focused program on measurements related to cybersecurity.  The goal is to support the development and alignment of technical measurements to determine effect of cybersecurity initiatives and responses on high-level organizational objectives that will support decision making by senior executives and oversight by boards of directors. The initiative will involve and rely upon extensive collaboration with the research, business, and government sectors, including those already offering measurement tools and services. 

Learn more about this initiative at Measurements for Information Security.

Related Topics

Security and Privacy: audit & accountability, maintenance, planning, risk management, security measurement

Laws and Regulations: OMB Circular A-130

Created September 24, 2020, Updated February 18, 2021