Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Performance Measurement Guide for Information Security

Published

Author(s)

Elizabeth Chew, Marianne M. Swanson, Kevin M. Stine, N Bartol, Anthony Brown, W Robinson

Abstract

This document provides guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional security protection resources or identify and evaluate nonproductive controls. It explains the metric development and implementation process and how it can also be used to adequately justify security control investments. The results of an effective metric program can provide useful data for directing the allocation of information security resources and should simplify the preparation of performance-related reports. [Supersedes SP 800-55 (August 2003): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=50755]
Citation
Special Publication (NIST SP) - 800-55 Rev 1
Report Number
800-55 Rev 1

Keywords

information security, metrics, measures, security controls, performance, reports

Citation

Chew, E. , Swanson, M. , Stine, K. , Bartol, N. , Brown, A. and Robinson, W. (2008), Performance Measurement Guide for Information Security, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=152183 (Accessed March 28, 2024)
Created July 16, 2008, Updated February 19, 2017