An intentional but unauthorized act resulting in the modification of a system, components of systems, its intended behavior, or data.
Sources:
CNSSI 4009-2015
from
DHS Information Technology Sector Baseline Risk Assessment - Adapted
NIST SP 800-160v1r1
NIST SP 800-53 Rev. 5
from
CNSSI 4009-2015