The National Institute of Standards and Technology has released the initial public draft of its Special Publication 800-80, titled Guide for Developing Performance Metrics for Information Security. NIST is inviting public comment on the guidance, which provides a methodology for linking information security program performance to agency performance. It is a companion guide to SP 800-55, titled Security Metrics for Information Technology Systems, and uses security controls spelled out in a third NIST publication, SP 800-53, Recommended Security Controls for Federal Information Systems.

The publications are intended to help agencies comply with government mandates, including the Federal Information Security Management Act and the President’s Management Agenda. They offer templates and candidate metrics to facilitate implementation for each of the 17 control families identified in SP 800-53. The goal is for agencies to provide the appropriate level of protection for IT systems, recognizing that information security has become an essential business function for agencies. “The guide describes the information security performance metrics development process as a means for tying information security controls implementation, efficiency and effectiveness to an agency’s success in its mission-critical activities,

The link for this article located at Government Computer News is no longer available.