Information Security News mailing list archives
NIST revises guidelines for IT security metrics
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 23 Jul 2008 02:38:57 -0500 (CDT)
http://www.gcn.com/online/vol1_no1/46698-1.html

By William Jackson
GCN.com
07/22/08

The National Institute of Standards and Technology has released a revised version of guidelines for developing metrics to ensure that agencies meet information technology security requirements.

Special Publication 800-55, Revision 1 [1], titled "Performance Measurement Guide for Information Security," is intended to assist agencies in developing, selecting and implementing security measures used at the IT system and program levels.

It uses security controls identified in NIST SP 800-53, "Recommended Security Controls for Federal Information Systems," as a basis for developing metrics that support the evaluation of IT security programs. The original version of SP 800-55 was published in 2003.

Requirements for securing and evaluating IT systems are included in a number of laws, including the Clinger-Cohen Act, the Government Performance and Results Act, the Government Paperwork Elimination Act and the Federal Information Security Management Act. However, the laws do not specify how agencies are to conduct the evaluations, so the NIST document provides the necessary guidance.

[1] http://csrc.nist.gov/publications/nistpubs/800-55-Rev1/SP800-55-rev1.pdf

[...]