The subdivision of a Category into specific outcomes of technical and/or management activities.
Sources:
NIST SP 800-37 Rev. 2
from
NIST Cybersecurity Framework Version 1.1