• Requirement

    Develop, monitor, and report on the results of information security and privacy measures of performance.

  • Discussion

    Measures of performance are outcome-based metrics used by an organization to measure the effectiveness or efficiency of the information security and privacy programs and the controls employed in support of the program. To facilitate security and privacy risk management, organizations consider aligning measures of performance with the organizational risk tolerance as defined in the risk management strategy.

More Info

  • Title

    Measures of Performance
  • Family

    Program Management
  • NIST 800-53B Baseline(s)

    • Privacy
  • Related NIST 800-53 ID


NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!