Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Updated Information Security Performance Measurement Guide Published

The quintessential guide to evaluating the effectiveness of security controls applied to information systems and information security programs has been updated to reflect recent security advances. The National Institute of Standards and Technology published Special Publication 800-55 Revision 1, Performance Measurement Guide for Information Security, in late July.

For the past five years, SP 800-55 has provided information technology and security professionals with a process for developing, selecting and implementing performance measures to facilitate decision making, improve performance and increase accountability. The guide describes how an agency can use its information system and program security controls to succeed in achieving its mission.

The update expands upon NIST's previous work in this area. It provides additional program-level guidelines for measuring information security performance in support of organizational strategic goals. It also aligns performance measurement with the security controls in NIST SP 800-53, Recommended Security Controls for Federal Information Systems.

A PDF of the new SP 800-55 Revision 1 is available at:

Released August 6, 2008, Updated January 19, 2023