An assessment object that includes document-based artifacts (e.g., policies, procedures, plans, system security requirements, functional specifications, and architectural designs) associated with an information system.
Sources:
NIST SP 800-137
under Specification
A document that specifies, in a complete, precise, verifiable manner, the requirements, design, behavior, or other characteristics of a system or component and often the procedures for determining whether these provisions have been satisfied. See specification requirement.
Sources:
NIST SP 800-37 Rev. 2
An assessment object that includes document-based artifacts (e.g., policies, procedures, plans, system security requirements, functional specifications, architectural designs) associated with a system.
Sources:
NIST SP 800-53A Rev. 5
The requirements for the security-relevant portion of the system.
Sources:
NIST SP 800-160v1r1
under security specification
An information item that identifies, in a complete, precise, verifiable manner, the requirements, design, behavior, or other expected characteristics of a system, service, or process.
Sources:
NIST SP 800-160v1r1
from
ISO/IEC/IEEE 15289:2019