Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Measurements for Information Security


These are current NIST research to identify meaningful metrics and measures in context to understand the effectiveness and resource needs of different cybersecurity technical measures.


Measuring Security Risk in Enterprise Networks

Methodology to measure the overall system risk by combining the attack graph structure with the Common Vulnerability Scoring System (CVSS).


Cyber Risk Analytics and Measurement

Research and prototype methods and tools to enable predictive risk analytics and identify cyber risk trends. Develop guidelines to improve the assessment and measurement of cybersecurity risks, inform management practices, and facilitate information sharing among risk owners.


Created July 01, 2020, Updated January 29, 2024