Chew, E.
, Swanson, M.
, Stine, K.
, Bartol, N.
, Brown, A.
and Robinson, W.
(2008),
Performance Measurement Guide for Information Security, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=152183
(Accessed October 27, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Performance Measurement Guide for Information Security
Published
Author(s)
, , , N Bartol, Anthony Brown, W Robinson
Abstract
This document provides guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional security protection resources or identify and evaluate nonproductive controls. It explains the metric development and implementation process and how it can also be used to adequately justify security control investments. The results of an effective metric program can provide useful data for directing the allocation of information security resources and should simplify the preparation of performance-related reports. [Supersedes SP 800-55 (August 2003): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=50755]Citation
Special Publication (NIST SP) - 800-55 Rev 1
Report Number
800-55 Rev 1
NIST Pub Series
Pub Type
NIST Pubs
Supercedes Publication
Download Paper
Keywords
information security, metrics, measures, security controls, performance, reports
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created July 16, 2008, Updated February 19, 2017