http://www.gcn.com/online/vol1_no1/46698-1.html



By William Jackson

GCN.com

07/22/08



The National Institute of Standards and Technology has released a 

revised version of guidelines for developing metrics to ensure that 

agencies meet information technology security requirements.



Special Publication 800-55, Revision 1 [1], titled "Performance 

Measurement Guide for Information Security," is intended to assist 

agencies in developing, selecting and implementing security measures 

used at the IT system and program levels. It uses security controls 

identified in NIST SP 800-53, "Recommended Security Controls for Federal 

Information Systems," as a basis for developing metrics that support the 

evaluation of IT security programs. The original version of SP 800-55 

was published in 2003.



Requirements for securing and evaluating IT systems are included in a 

number of laws, including the Clinger-Cohen Act, the Government 

Performance and Results Act, the Government Paperwork Elimination Act 

and the Federal Information Security Management Act. However, the laws 

do not specify how agencies are to conduct the evaluations, so the NIST 

document provides the necessary guidance. 



[1] http://csrc.nist.gov/publications/nistpubs/800-55-Rev1/SP800-55-rev1.pdf



[...]





_______________________________________________      

Attend Black Hat USA, August 2-7 in Las Vegas, 

the world's premier technical event for ICT security experts.

Featuring 40 hands-on training courses and 80 Briefings 

presentations with lots of new content and new tools.

Network with 4,000 delegates from 50 nations.  

Visit product displays by 30 top sponsors in 

a relaxed setting. http://www.blackhat.com



Received on Wed Jul 23 2008 - 00:38:57 PDT