← Back to catalog
PM-6
Measures of Performance
Program Management (PM)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description
Develop, monitor, and report on the results of information security and privacy measures of performance.
Discussion
Measures of performance are outcome-based metrics used by an organization to measure the effectiveness or efficiency of the information security and privacy programs and the controls employed in support of the program. To facilitate security and privacy risk management, organizations consider aligning measures of performance with the organizational risk tolerance as defined in the risk management strategy.
Implementation guidance
No content available.
CSF 2.0 crosswalk
GV.OV-03Organizational cybersecurity risk management performance is evaluated and reviewed for adjustments neededGovern