Date Published: May 2006
Comments Due:
Email Questions to:
Planning Note (01/09/2018):
Originally posted as a draft for public comment on 5/4/2006, this document never proceeded to "final" publication. It was retired on 11/1/2008, and was superseded by SP 800-55 Rev. 1.
Author(s)
Elizabeth Chew (NIST), Alicia Clay (NIST), Joan Hash (NIST), Nadya Bartol (BAH), Anthony Brown (BAH)
Announcement
NIST's Computer Security Division has completed the initial public draft of Special Publication 800-80, Guide for Developing Performance Metrics for Information Security.
This guide is intended to assist organizations in developing metrics for an information security program. The methodology links information security program performance to agency performance. It leverages agency-level strategic planning processes and uses security controls from NIST SP 800-53, Recommended Security Controls for Federal Information Systems, to characterize security performance. To facilitate the development and implementation of information security performance metrics, the guide provides templates, including at least one candidate metric for each of the security control families described in NIST SP 800-53.
This publication focuses on developing and implementing information security metrics for an information security program. The processes and methodologies described in this guidance link information security performance to agency performance by leveraging agency-level strategic planning processes. The performance metrics developed according to this guide will enhance the ability of agencies to respond to a variety of federal government mandates and initiatives, including the Federal Information Security Management Act (FISMA) and the President’s Management Agenda (PMA). This guidance document is a companion guide to NIST SP 800-55, Security Metrics for Information Technology Systems, using processes and methodologies described in NIST SP 800-55 as a starting point. While focused on NIST SP 800-53 controls, the process described in this guide can be applied to develop agency-specific metrics that may be outside of the scope of SP 800-53.
This publication focuses on developing and implementing information security metrics for an information security program. The processes and methodologies described in this guidance link information security performance to agency performance by leveraging agency-level strategic planning processes....
See full abstract
This publication focuses on developing and implementing information security metrics for an information security program. The processes and methodologies described in this guidance link information security performance to agency performance by leveraging agency-level strategic planning processes. The performance metrics developed according to this guide will enhance the ability of agencies to respond to a variety of federal government mandates and initiatives, including the Federal Information Security Management Act (FISMA) and the President’s Management Agenda (PMA). This guidance document is a companion guide to NIST SP 800-55, Security Metrics for Information Technology Systems, using processes and methodologies described in NIST SP 800-55 as a starting point. While focused on NIST SP 800-53 controls, the process described in this guide can be applied to develop agency-specific metrics that may be outside of the scope of SP 800-53.
Hide full abstract
Keywords
information security program; performance metrics; security metrics
Control Families
None selected
