NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Technology Assessment: Methods for Measuring the Level of Computer Security

Published

Author(s)

William Neugent, John Gilligan, Lance Hoffman, Zella G. Ruthberg

Abstract

This technology assessment constitutes a summary and assessment of methods for measuring the level of computer security in computer applications, systems, and installations. The initial draft report for this document was produced in June 1981 for the National Bureau of Standards (NBS) by the System Development Corporation (SDC) as part of the NBS Computer Security and Risk Management Standards Program. The intent of that report was to provide a comprehensive assessment of the state of the art and to provide a suitable basis for producing a Federal Information Processing Standards Publication (FIPS PUB) guideline on computer security, certification, and accreditation. The FIPS PUB guideline was subsequently developed and issued as FIPS PUB 102 on September 27, 1983 and titled "Guidelines for Computer Security Certification and Accreditation." This technology assessment is now being issued as a companion foundation document to FIPS PUB 102. The initial draft report has been brought up to date by changing some methodology discussions, adding a few methodologies, referencing relevant documents that appeared in the interim, and modifying the text where appropriate.
Citation
Special Publication (NIST SP) - 500-133
Report Number
500-133
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

DOI Link

Keywords

certification and accreditation, computer security, risk assessment, technology assessment
Cybersecurity and privacy

Citation

Neugent, W. , Gilligan, J. , Hoffman, L. and Ruthberg, Z. (1985), Technology Assessment: Methods for Measuring the Level of Computer Security, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NBS.SP.500-133 (Accessed October 14, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created October 1, 1985, Updated November 10, 2018
Was this page helpful?