PM-6: INFORMATION SECURITY MEASURES OF PERFORMANCE
PROGRAM MANAGEMENT & INDUSTRIAL CONTROL SYSTEMS
ICS Control Baselines:
- Program Management is baseline independent.
The organization develops, monitors, and reports on the results of information security measures of performance.
Measures of performance are outcome-based metrics used by an organization to measure the effectiveness or efficiency of the information security program and the security controls employed in support of the program.
ICS SUPPLEMENTAL GUIDANCE
No ICS Supplemental Guidance.
NO CONTROL ENHANCEMENTS
- NIST Special Publication 800-82
- NIST Special Publication 800-55