Organizations have requested guidance on measurement programs that will help them make data-driven, risk-based decisions to achieve their information security goals.
A draft update to an NIST publication offers guidance on how organizations can measure the effectiveness of their information security programs.
NIST is soliciting public comments on the draft guidance by March 18, 2024.