Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Measurements for Information Security
NIST’s Measurements for Information Security Program develops guidelines, tools, and resources to help organizations improve the quality and utility of information to support their technical and high-level decision making. The Measurement for Information Security Program aims to better equip organizations to purposefully and effectively manage their information security risk through the development of flexible approaches to the selection, assessment, and management of measures and metrics.
- SP 800-55v1 Measurement Guide for Information Security – Volume 1, Identifying and Selecting Measures provides a flexible approach to the development, selection, and prioritization of information security measures.
- SP 800-55v2 Measurement Guide for Information Security – Volume 2, Developing an Information Security Measurement Program provides a flexible methodology and workflow for developing and implementing an information security measurement program.
- In 2025 NIST Cybersecurity Risk Analytics and Measurement Team will be hosting a virtual round table to introduce the NIST’s Cybersecurity Metrics and Measures Community of Interest. The round table will feature a panel of experts to discuss the current state of information security performance metrics and measures.