the minimum security controls required for safeguarding an IT systembased on its identified needs for confidentiality, integrity and/or availability protection.
Sources:
NIST SP 800-16