[2/27/24, 11:00 AM EST] CSRC has been experiencing technical issues. If you are unable to access a CSRC page or resource, or get a 503 error, please try reloading the page several times--it may help to wait a few minutes before trying again. We apologize for the inconvenience, and hope to have a solution in place next week.
These are current NIST research to identify meaningful metrics and measures in context to understand the effectiveness and resource needs of different cybersecurity technical measures.
Methodology to measure the overall system risk by combining the attack graph structure with the Common Vulnerability Scoring System (CVSS).
Research and prototype methods and tools to enable predictive risk analytics and identify cyber risk trends. Develop guidelines to improve the assessment and measurement of cybersecurity risks, inform management practices, and facilitate information sharing among risk owners.