“The National Institute of Standards and Technology (NIST) has released for public comment the initial draft of its Guide for Developing Performance Metrics for Information Security, 49 pages, PDF (SP 800-80). The guide provides a methodology for linking agencies’ IT security program performance to agency performance, “tying information security controls, implementation, efficiency and effectiveness to an agency’s success in its mission-critical activities.”