Formal description and evaluation of the vulnerabilities in an information system.
Source(s):
NIST SP 800-137
under Vulnerability Assessment
from
CNSSI 4009
NIST SP 800-18 Rev. 1
under Vulnerability Assessment
from
CNSSI 4009
Systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.
Source(s):
CNSSI 4009-2015
under vulnerability assessment
NIST SP 800-30 Rev. 1
under Vulnerability Assessment
from
CNSSI 4009
NIST SP 800-37 Rev. 2
under vulnerability assessment
from
CNSSI 4009-2015
NIST SP 800-39
under Vulnerability Assessment
from
CNSSI 4009
NIST SP 800-53 Rev. 5
under vulnerability assessment
from
CNSSI 4009-2015
NIST SP 800-53A Rev. 5
under vulnerability assessment
from
CNSSI 4009-2015
NISTIR 7622
under Vulnerability Assessment
from
CNSSI 4009
See vulnerability assessment.
Source(s):
CNSSI 4009-2015
NIST SP 800-53 Rev. 5
NIST SP 800-53A Rev. 5
Systematic examination of a system or product or supply chain element to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.
Source(s):
NIST SP 800-161r1
under vulnerability assessment
from
NIST SP 800-53 Rev. 5 - adapted