By William Jackson
The National Institute of Standards and Technology has released a
revised version of guidelines for developing metrics to ensure that
agencies meet information technology security requirements.
Special Publication 800-55, Revision 1 , titled "Performance
Measurement Guide for Information Security," is intended to assist
agencies in developing, selecting and implementing security measures
used at the IT system and program levels. It uses security controls
identified in NIST SP 800-53, "Recommended Security Controls for Federal
Information Systems," as a basis for developing metrics that support the
evaluation of IT security programs. The original version of SP 800-55
was published in 2003.
Requirements for securing and evaluating IT systems are included in a
number of laws, including the Clinger-Cohen Act, the Government
Performance and Results Act, the Government Paperwork Elimination Act
and the Federal Information Security Management Act. However, the laws
do not specify how agencies are to conduct the evaluations, so the NIST
document provides the necessary guidance.
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com