This is a hard copy of NIST Special Publication (SP) 800-55 Rev1. This document is a guide for the specific development, selection, and implementation of information system-level and program-level measures to indicate the implementation, efficiency/effectiveness, and impact of security controls, and other security-related activities. It provides guidelines on ho...
Paperback: 82 pages
Publisher: CreateSpace Independent Publishing Platform (February 29, 2012)
Product Dimensions: 8.5 x 0.2 x 11 inches
Amazon Rank: 6799837
- 1470152045 epub
- 978-1470152048 pdf
zation, through the use of measures, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional information security resources, identify and evaluate nonproductive security controls, and prioritize security controls for continuous monitoring. It explains the measurement development and implementation processes and how measures can be used to adequately justify information security investments and support risk-based decisions.

The results of an effective information security measurement program can provide useful data for directing the allocation of information security resources and should simplify the preparation of performance-related reports. Successful implementation of such a program assists agencies in meeting the annual requirements of the Office of Management and Budget (OMB) to report the status of agency information security programs.

NIST Special Publication (SP) 800-55, Revision 1, expands upon NIST’s previous work in the field of information security measures to provide additional program-level guidelines for quantifying information security performance in support of organizational strategic goals. The processes and methodologies described in this document link information system security performance to agency performance by leveraging agency-level strategic planning processes. By doing so, the processes and methodologies help demonstrate how information security contributes to accomplishing agency strategic goals and objectives. Performance measures developed according to this guide will enhance the ability of agencies to respond to a variety of federal government mandates and initiatives, including FISMA.

This publication uses the security controls identified in NIST SP 800-53, Recommended Security Controls for Federal Information Systems, as a basis for developing measures that support the evaluation of information security programs.
In addition to providing guidelines on developing measures, the guide lists a number of candidate measures that agencies can tailor, expand, or use as models for developing other measures. While focused on NIST SP 800-53 security controls, the process described in this guide can be applied to develop agency-specific measures related to security controls that are not included in NIST SP 800-53.

Disclaimer: This hardcopy is not published by the National Institute of Standards and Technology (NIST), the US Government or the US Department of Commerce. The publication of this document should not in any way imply any relationship or affiliation to the above-named organizations and Government.