INFORMATION SECURITY PROGRAM METRICS - 5305.9

(Revised: 06/2014)

Introduction: Performance with respect to security controls must be measured to determine whether the needs of the state entity are being met. Security metrics assist with adjustments to security controls in order to improve effectiveness.

 

Policy: Each state entity shall establish outcome-based metrics to measure the effectiveness and efficiency of the state entity’s information security program, and the security controls deployed.

Implementation Controls: NIST SP 800-53: System and Services Acquisition (SA); Security Assessment and Authorization (CA); Contingency Planning (CP)

Revisions

No Revisions for this item.

Search Entire Manual

Print Entire SAM