NIST finalizes two-volume publication on measuring effectiveness of adopting information security measures

The National Institute of Standards and Technology has updated its foundational guidance on measuring the effectiveness of adopting information security measures, through a two-volume publication that offers assistance on achieving the desired results from an assessment and establishing a formal program.

“NIST Special Publication (SP) 800-55v1 (Volume 1) is a flexible guide for developing and selecting information security measures at the organization, mission/business, and system levels to identify the success of in-place policies, procedures, and controls. This document expands on...