The process of validating the effective implementation of security controls for information systems and networks, based on the organization’s security requirements.
Sources:
NIST SP 800-115