The Health Information Trust Alliance is criticizing as unclear and confusing a proposal by the National Institute of Standards and Technology on the use of metrics in measuring the effectiveness of the voluntary framework of cybersecurity standards. Specifically, the group takes issue with NIST's use of certain examples in offering its approach to metrics and in the proposal's approach to measurements that HITRUST argues could be viewed as metrics. “HITRUST understands the subject of cybersecurity measures and metrics is a...