Date Published: May 2006
Comments Due: June 19, 2006 (public comment period is CLOSED)
Planning Note (01/09/2018):
Originally posted as a draft for public comment on 5/4/2006, this document never proceeded to "final" publication. It was retired on 11/1/2008, and was superseded by SP 800-55 Rev. 1.
NIST's Computer Security Division has completed the initial public draft of Special Publication 800-80, Guide for Developing Performance Metrics for Information Security.
This guide is intended to assist organizations in developing metrics for an information security program. The methodology links information security program performance to agency performance. It leverages agency-level strategic planning processes and uses security controls from NIST SP 800-53, Recommended Security Controls for Federal Information Systems, to characterize security performance. To facilitate the development and implementation of information security performance metrics, the guide provides templates, including at least one candidate metric for each of the security control families described in NIST SP 800-53.
Publication:
SP 800-80 (pdf)
Supplemental Material:
None available
Document History:
05/04/06: SP 800-80 (Draft)
audit & accountability, general security & privacy, maintenance, planning, risk management
Laws and Regulations:
E-Government Act, Federal Information Security Modernization Act, OMB Circular A-11