The totality of evidence used to substantiate trust, trustworthiness, and risk relative to the system.
Sources:
NIST SP 800-160v1r1
The set of data that documents the information system’s adherence to the security controls applied.
Sources:
CNSSI 4009-2015