HITRUST questions clarity of NIST plan for metrics to measure use of cyber framework

The Health Information Trust Alliance is criticizing as unclear and confusing a proposal by the National Institute of Standards and Technology for the use of metrics in measuring the effectiveness of the voluntary framework of cybersecurity standards.

“HITRUST understands the subject of cybersecurity measures and metrics is a difficult one and applauds NIST's attempt at addressing it in the Guide,” the group says in written comments submitted to NIST earlier this month. “However, we find the treatment as written...may...