
NIST SP 800-80 (Initial Public Draft)

Guide for Developing Performance Metrics for Information Security

Date Published: May 2006
Comments Due: June 19, 2006 (public comment period is CLOSED)
Email Questions to:

Planning Note (01/09/2018):

Originally posted as a draft for public comment on 5/4/2006, this document never proceeded to "final" publication. It was retired on 11/1/2008, and was superseded by SP 800-55 Rev. 1.


Elizabeth Chew (NIST), Alicia Clay (NIST), Joan Hash (NIST), Nadya Bartol (BAH), Anthony Brown (BAH)


NIST's Computer Security Division has completed the initial public draft of Special Publication 800-80, Guide for Developing Performance Metrics for Information Security.

This guide is intended to assist organizations in developing metrics for an information security program. The methodology links information security program performance to agency performance. It leverages agency-level strategic planning processes and uses security controls from NIST SP 800-53, Recommended Security Controls for Federal Information Systems, to characterize security performance. To facilitate the development and implementation of information security performance metrics, the guide provides templates, including at least one candidate metric for each of the security control families described in NIST SP 800-53.



Keywords: information security program; performance metrics; security metrics
Control Families

None selected


SP 800-80 (pdf)

Supplemental Material:
None available

Document History:
05/04/06: SP 800-80 (Draft)