SP 800-80 (Retired Draft)

Guide for Developing Performance Metrics for Information Security

Date Published: May 2006
Comments Due: June 19, 2006 (public comment period is CLOSED)
Email Questions to:

Planning Note (1/9/2018):

Originally posted as a draft for public comment on 5/4/2006, this document never proceeded to "final" publication. It was retired on 11/1/2008, and was superseded by SP 800-55 Rev. 1.


Author(s)

Elizabeth Chew (NIST), Alicia Clay (NIST), Joan Hash (NIST), Nadya Bartol (BAH), Anthony Brown (BAH)

Announcement

NIST's Computer Security Division has completed the initial public draft of Special Publication 800-80, Guide for Developing Performance Metrics for Information Security.

This guide is intended to assist organizations in developing metrics for an information security program. The methodology links information security program performance to agency performance. It leverages agency-level strategic planning processes and uses security controls from NIST SP 800-53, Recommended Security Controls for Federal Information Systems, to characterize security performance. To facilitate the development and implementation of information security performance metrics, the guide provides templates, including at least one candidate metric for each of the security control families described in NIST SP 800-53.

Abstract

Keywords

information security program; performance metrics; security metrics
Control Families

None selected

Documentation

Publication:
SP 800-80

Supplemental Material:
None available

Document History:
05/04/06: SP 800-80 (Draft)