NIST Special Publication 800-55 Revision 1
Performance Measurement Guide
for Information Security
Elizabeth Chew, Marianne Swanson, Kevin Stine,
Nadya Bartol, Anthony Brown, and Will Robinson
INFORMATION SECURITY
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930
July 2008
U.S. Department of Commerce
Carlos M. Gutierrez, Secretary
National Institute of Standards and Technology
James M. Turner, Deputy Director
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL’s responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in federal computer systems. This Special Publication 800-series reports on ITL’s research, guidelines, and outreach efforts in information security, and its collaborative activities with industry, government, and academic organizations.
Authority
This document has been developed by the National Institute of Standards and Technology (NIST) in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347.

NIST is responsible for developing standards and guidelines, including minimum requirements, and for providing adequate information security for all agency operations and assets, but such standards and guidelines shall not apply to national security systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), Securing Agency Information Systems, as analyzed in A-130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in A-130, Appendix III.

This guideline has been prepared for use by federal agencies. It may also be used by nongovernmental organizations on a voluntary basis and is not subject to copyright regulations. (Attribution would be appreciated by NIST.)

Nothing in this document should be taken to contradict standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other federal official.
Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.
Acknowledgements
The authors wish to thank Joan Hash (NIST), Arnold Johnson (NIST), Elizabeth Lennon (NIST), Karen Scarfone (NIST), Kelley Dempsey (NIST), and Karen Quigg (MITRE) who reviewed drafts of this document and/or contributed to its development. The authors also gratefully acknowledge and appreciate the many contributions from individuals and organizations in the public and private sectors whose thoughtful and constructive comments improved the quality and usefulness of this publication.
This document was uploaded and shared by 思安 on 2022-12-05 09:20:19.