INFORMATION SECURITY PROGRAM METRICS - 5305.9
(Revised: 06/2014)
Introduction: Performance with respect to security controls must be measured to determine whether the needs of the state entity are being met. Security metrics assist with adjustments to security controls in order to improve effectiveness.
Policy: Each state entity shall establish outcome-based metrics to measure the effectiveness and efficiency of the state entity’s information security program, and the security controls deployed.
Implementation Controls: NIST SP 800-53: System and Services Acquisition (SA); Assessment, Authorization, and Monitoring (CA) ; Contingency Planning (CP)
Revisions
No Revisions for this item.
Search Entire Manual
Print Entire SAM Manual
Please bear with us, generating the entire SAM for printing will take approximately two minutes.