A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

assessment

Abbreviation(s) and Synonym(s):

control assessment
Privacy Control Assessment
risk assessment
Risk Assessment
security control assessment
Security Control Assessment

Definition(s):

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-137 under Risk Assessment CNSSI 4009

  The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Source(s):
CNSSI 4009-2015 under security control assessment NIST SP 800-37 Rev. 1
NIST SP 800-137 under Security Control Assessment CNSSI 4009 <span id='term-def-src-src-note-1-1-0'> - Adapted</span>
NIST SP 800-37 Rev. 1 under Security Control Assessment

  The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.
Source(s):
NIST SP 800-171 Rev. 2 under security control assessment OMB Circular A-130
NIST SP 800-37 Rev. 2 under security control assessment
NIST SP 800-53 Rev. 4 under Security Control Assessment CNSSI 4009 <span id='term-def-src-src-note-2-2-0'> - Adapted</span>
NIST SP 800-53A Rev. 4 under Security Control Assessment

  The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis, and incorporates threat and vulnerability analyses.
Source(s):
NIST SP 800-18 Rev. 1 under Risk Assessment NIST SP 800-30

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system.
Source(s):
NIST SP 800-171 Rev. 2 under risk assessment NIST SP 800-30
NIST SP 800-37 Rev. 2 under risk assessment
NIST SP 800-171 Rev. 1 under risk assessment [Superseded]

  The testing and/or evaluation of the management, operational, and technical security controls in a system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Source(s):
NIST SP 800-12 Rev. 1 under Security Control Assessment NIST SP 800-37

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-12 Rev. 1 under Risk Assessment NIST SP 800-39

  The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
CNSSI 4009-2015 under risk assessment NIST SP 800-39
NIST SP 800-30 Rev. 1 under Risk Assessment NIST SP 800-39

  See Security Control Assessment.
Source(s):
NIST SP 800-137 under Assessment
NIST SP 800-37 Rev. 1 under Assessment
NIST SP 800-39 under Assessment
NIST SP 800-53 Rev. 4 under Assessment
NIST SP 800-171 Rev. 2
NIST SP 800-171 Rev. 1 [Superseded]

  See risk analysis
Source(s):
NIST SP 800-33 under risk assessment

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.  Synonymous with risk analysis.
Source(s):
NIST SP 800-39 under Risk Assessment

  See Security Control Assessment or Privacy Control Assessment.
Source(s):
NIST SP 800-53A Rev. 4 under Assessment

  The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, and other organizations, resulting from the operation of a system. It is part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-63-3 under Risk Assessment

  Assessment in this context means a formal process of assessing the implementation and reliable use of issuer controls using various methods of assessment (e.g., interviews, document reviews, observations) that support the assertion that an issuer is reliably meeting the requirements of [FIPS 201-2].
Source(s):
NIST SP 800-79-2 under Assessment (as applied to an issuer)

  An evaluation of the amount of entropy provided by a (digitized) noise source and/or the entropy source that employs it.
Source(s):
NIST SP 800-90B under Assessment (of entropy)

  See control assessment or risk assessment.
Source(s):
NIST SP 800-37 Rev. 2

  The testing or evaluation of the controls in an information system or an organization to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security or privacy requirements for the system or the organization.
Source(s):
NIST SP 800-37 Rev. 2 under control assessment

  See security control assessment or risk assessment.
Source(s):
CNSSI 4009-2015 NIST SP 800-30 Rev. 1
NIST SP 800-30 Rev. 1 under Assessment

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls or privacy controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-53A Rev. 4 under Risk Assessment

  The testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.
Source(s):
NIST SP 800-30 Rev. 1 under Security Control Assessment NIST SP 800-39, CNSSI 4009 <span id='term-def-src-src-note-19-0-1'> - Adapted</span>
NIST SP 800-39 under Security Control Assessment CNSSI 4009 <span id='term-def-src-src-note-19-1-0'> - Adapted</span>

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-37 Rev. 1 under Risk Assessment
NIST SP 800-53 Rev. 4 under Risk Assessment

  The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.
Source(s):
NIST SP 800-82 Rev. 2 under Risk Assessment NIST SP 800-30
NISTIR 8183A Vol. 1 under Risk Assessment NIST SP 800-82
NISTIR 8183A Vol. 2 under Risk Assessment NIST SP 800-82
NISTIR 8183A Vol. 3 under Risk Assessment NIST SP 800-82
NISTIR 8183 under Risk Assessment

  The testing or evaluation of privacy controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the privacy requirements for an information system or organization.
Source(s):
NIST SP 800-53A Rev. 4 under Privacy Control Assessment

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-53 Rev. 4 under Risk Assessment

  The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.
Source(s):
NISTIR 8183 under Risk Assessment NIST SP 800-82 Rev. 2

  A value that defines an analyzer's estimated level of security risk for using an app. Risk assessments are typically based on the likelihood that a detected vulnerability will be exploited and the impact that the detected vulnerability may have on the app or its related device or network. Risk assessments are typically represented as categories (e.g., low-, moderate-, and high-risk).
Source(s):
NIST SP 800-163 under Risk Assessment [Superseded]

  See risk analysis.
Source(s):
NIST SP 800-27 Rev. A under risk assessment [Withdrawn]

  The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and additional safeguards that would mitigate this impact. Part of Risk Management and synonymous with Risk Analysis.
Source(s):
NIST SP 800-63-2 under Risk Assessment [Superseded]

  The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for a system or organization.
Source(s):
NIST SP 800-171 Rev. 1 under security control assessment [Superseded] CNSSI 4009 <span id='term-def-src-src-note-28-0-0'> - Adapted</span>

  Overall process of risk identification, risk analysis, and risk evaluation.
Source(s):
NIST SP 800-160 under risk assessment [Superseded] ISO 73