NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

IT Security Metrics (ITL Bulletin)

Published

Author(s)

Elizabeth B. Lennon

Abstract

This ITL Bulletin summarizes the recently published NIST Special Publication (SP) 800-55, Security Metrics Guide for Information Technology Systems, by Marianne Swanson, Nadya Bartol, John Sabato, Joan Hash, and Laurie Graffo. NIST SP 800-55 provides guidance for IT managers and security professionals at all levels, inside and outside of government. The document describes the development and implementation of an IT security metrics program and provides examples of metrics based on the critical elements and security controls and techniques contained in NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems.
Citation
IT Security Metrics (ITL Bulletin)
Pub Type
Others

Download Paper

Local Download

Keywords

IT security, metrics, security metrics
Cybersecurity and privacy

Citation

Lennon, E. (2003), IT Security Metrics (ITL Bulletin), IT Security Metrics (ITL Bulletin), [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=150707 (Accessed October 14, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created August 4, 2003, Updated February 19, 2017
Was this page helpful?