Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

assessment

Abbreviation(s) and Synonym(s):

Privacy Control Assessment
Risk Assessment
security control assessment
Security Control Assessment

Definition(s):

  See Security Control Assessment.
Source(s):
NIST SP 800-137 under Assessment
NIST SP 800-37 Rev. 1 under Assessment
NIST SP 800-39 under Assessment
NIST SP 800-53 Rev. 4 under Assessment
NIST SP 800-171 Rev. 1

  See Security Control Assessment or Privacy Control Assessment.
Source(s):
NIST SP 800-53A Rev. 4 under Assessment

  See Security Control Assessment or Risk Assessment.
Source(s):
NIST SP 800-30 Rev. 1 under Assessment

  Assessment in this context means a formal process of assessing the implementation and reliable use of issuer controls using various methods of assessment (e.g., interviews, document reviews, observations) that support the assertion that an issuer is reliably meeting the requirements of [FIPS 201-2].
Source(s):
NIST SP 800-79-2 under Assessment (as applied to an issuer)

  An evaluation of the amount of entropy provided by a (digitized) noise source and/or the entropy source that employs it.
Source(s):
NIST SP 800-90B under Assessment (of entropy)

  The testing or evaluation of privacy controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the privacy requirements for an information system or organization.
Source(s):
NIST SP 800-53A Rev. 4 under Privacy Control Assessment

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-37 Rev. 1 under Risk Assessment
NIST SP 800-53 Rev. 4 under Risk Assessment

  The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and additional safeguards that would mitigate this impact. Part of Risk Management and synonymous with Risk Analysis.
Source(s):
NIST SP 800-63-2 under Risk Assessment [Superseded]

  The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.
Source(s):
NIST SP 800-82 Rev. 2 under Risk Assessment (NIST SP 800-30)

  A value that defines an analyzer's estimated level of security risk for using an app. Risk assessments are typically based on the likelihood that a detected vulnerability will be exploited and the impact that the detected vulnerability may have on the app or its related device or network. Risk assessments are typically represented as categories (e.g., low-, moderate-, and high-risk).
Source(s):
NIST SP 800-163 under Risk Assessment

  The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis, and incorporates threat and vulnerability analyses.
Source(s):
NIST SP 800-18 Rev. 1 under Risk Assessment (NIST SP 800-30)

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls or privacy controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-53A Rev. 4 under Risk Assessment

  The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-30 Rev. 1 under Risk Assessment (NIST SP 800-39)

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-12 Rev. 1 under Risk Assessment (NIST SP 800-39)

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-137 under Risk Assessment (CNSSI 4009)

  The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Source(s):
NIST SP 800-137 under Security Control Assessment (CNSSI 4009 - Adapted)
NIST SP 800-37 Rev. 1 under Security Control Assessment

  The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.
Source(s):
NIST SP 800-53 Rev. 4 under Security Control Assessment (CNSSI 4009 - Adapted)
NIST SP 800-53A Rev. 4 under Security Control Assessment

  The testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.
Source(s):
NIST SP 800-30 Rev. 1 under Security Control Assessment (NIST SP 800-39, CNSSI 4009 - Adapted)
NIST SP 800-39 under Security Control Assessment (CNSSI 4009 - Adapted)

  The testing and/or evaluation of the management, operational, and technical security controls in a system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Source(s):
NIST SP 800-12 Rev. 1 under Security Control Assessment (NIST SP 800-37)

  See security control assessment or risk assessment.
Source(s):
CNSSI 4009-2015 (NIST SP 800-30 Rev. 1)

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-53 Rev. 4 under Risk Assessment

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.  Synonymous with risk analysis.
Source(s):
NIST SP 800-39 under Risk Assessment

  The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, and other organizations, resulting from the operation of a system. It is part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-63-3 under Risk Assessment

  The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.
Source(s):
NISTIR 8183 under Risk Assessment (NIST SP 800-82 Rev. 2)