A measure of whether a given control is contributing to the reduction of information security or privacy risk.
Sources:
NIST SP 800-37 Rev. 2
A measure of whether a security or privacy control contributes to the reduction of information security or privacy risk.
Sources:
NIST SP 800-53 Rev. 5
NIST SP 800-53A Rev. 5