NIST's updated 'roadmap' for cybersecurity framework launches review of metrics

The National Institute of Standards and Technology has committed to examining the use of metrics for assessing the effectiveness of cybersecurity measures as part of a proposed update to its “roadmap” document accompanying draft revisions to the NIST voluntary framework of cybersecurity standards.

“NIST is initiating a cybersecurity measurement program focusing on aligning technical measures to determine effect on high-level organizational objectives, as well as to support decision making by senior executives and oversight by boards of directors,” according to...