NIST SP 800-55
Performance Measurement Guide for Information Security. This document is a guide for the specific development, selection, and implementation of information system-level and program-level measures to indicate the implementation, efficiency/effectiveness, and impact of security controls and other security-related activities. It provides guidelines on how an organization, through the use of measures, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional information security resources, identify and evaluate nonproductive security controls, and prioritize security controls for continuous monitoring.
Alternate answers seen on other CBTs
The same question shows up worded slightly differently across CBT versions. Here are the other answer variants we've indexed.
is a standard for performance measurement for information security.
NIST SP 800-xx Performance Measurement Guide for Information Security: guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional security protection resources or identify and evaluate nonproductive controls.