security control assessment

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

Abbreviations / Acronyms / Synonyms:

assessment

CNSSI 4009-2015, NIST SP 800-171 Rev. 2, NIST SP 800-172A

Assessment

NIST SP 800-137, NIST SP 800-30 Rev. 1, NIST SP 800-39

security assessment

Security Assessment

Definitions:

  The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Sources:
CNSSI 4009-2015
NIST SP 800-137 under Security Control Assessment from CNSSI 4009 - Adapted

  The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.
Sources:
NIST SP 800-172 from OMB Circular A-130 (2016)
NIST SP 800-172A from OMB Circular A-130 (2016)
NIST SP 800-37 Rev. 2 from OMB Circular A-130 (2016)
NIST SP 800-171 Rev. 2 from OMB Circular A-130 (2016)

  The testing and/or evaluation of the management, operational, and technical security controls in a system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Sources:
NIST SP 800-12 Rev. 1 under Security Control Assessment

  See Security Control Assessment.
Sources:
NIST SP 800-137 under Assessment
NIST SP 800-172 under assessment
NIST SP 800-172 under security assessment
NIST SP 800-39 under Assessment
NIST SP 800-171 Rev. 2 under assessment
NIST SP 800-171 Rev. 2 under security assessment

  See control assessment or risk assessment.
Sources:
NIST SP 800-37 Rev. 2 under assessment
NIST SP 800-53 Rev. 5 under assessment
NIST SP 800-53A Rev. 5 under assessment

  See security control assessment or risk assessment.
Sources:
CNSSI 4009-2015 under assessment from NIST SP 800-30 Rev. 1
NIST SP 800-30 Rev. 1 under Assessment

  The testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.
Sources:
NIST SP 800-30 Rev. 1 under Security Control Assessment from NIST SP 800-39, CNSSI 4009 - Adapted
NIST SP 800-39 under Security Control Assessment from CNSSI 4009 - Adapted

  A completed or planned action of evaluation of an organization, a mission or business process, or one or more systems and their environments; or
Sources:
NIST SP 800-137A under assessment

  The vehicle or template or worksheet that is used for each evaluation.
Sources:
NIST SP 800-137A under assessment

Glossary Comments

Comments about specific definitions should be sent to the authors of the linked Source publication. For NIST publications, an email is usually found within the document.

Comments about the glossary's presentation and functionality should be sent to secglossary@nist.gov.

See NISTIR 7298 Rev. 3 for additional details.