Monday, May 08, 2006

NIST issues draft guidance for IT security metrics

William Jackson, Government Computer News

The National Institute of Standards and Technology has released the initial public draft of its Special Publication 800-80, titled Guide for Developing Performance Metrics for Information Security.

NIST is inviting public comment on the guidance, which provides a methodology for linking information security program performance to agency performance. It is a companion guide to SP 800-55, titled Security Metrics for Information Technology Systems, and uses security controls spelled out in a third NIST publication, SP 800-53, Recommended Security Controls for Federal Information Systems.

If you have an opinion as to how security performance should be linked to agency performance, now is the time to make your views known.
