Security Metrics Guide for Information Technology Systems
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s
measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of
information technology. ITL’s responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of sensitive
unclassified information in federal computer systems. This Special Publication 800-series reports on ITL’s research, guidelines, and outreach efforts in computer security, and its collaborative activities......