This is a potential security issue, you are being redirected to https://csrc.nist.gov
A type of requirement describing the capability that the organization or system must provide to satisfy a stakeholder need. Note: Capability requirements relted to information security and privacy are derived from stakeholder protection needs and the corresponding security and privacy requirements.
NIST SP 800-37 Rev. 2