Computer Security Resource Center


Glossary


Assessment

Acronym(s):

None

Definition(s):

  See security control assessment or risk assessment.
Source(s): CNSSI 4009-2015 (NIST SP 800-30 Rev. 1)

Synonym(s):
Security Control Assessment
  The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Source(s): CNSSI 4009-2015, NIST SP 800-137, NIST SP 800-37 Rev. 1
  The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.
Source(s): NIST SP 800-171, NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4
  The testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.
Source(s): NIST SP 800-39, NIST SP 800-30
Privacy Control Assessment
  The testing or evaluation of privacy controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the privacy requirements for an information system or organization.
Source(s): NIST SP 800-53A Rev. 4