U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

security assessment

Abbreviation(s) and Synonym(s):

Security Control Assessment

Definition(s):

  The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Source(s):
CNSSI 4009-2015 under security control assessment from NIST SP 800-37 Rev. 1
NIST SP 800-137 under Security Control Assessment from CNSSI 4009 - Adapted
NIST SP 800-37 Rev. 1 under Security Control Assessment

  The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.
Source(s):
NIST SP 800-171 Rev. 2 under security control assessment from OMB Circular A-130
NIST SP 800-37 Rev. 2 under security control assessment
NIST SP 800-172 under security control assessment from OMB Circular A-130 (2016)
NIST SP 800-53 Rev. 4 under Security Control Assessment from CNSSI 4009 - Adapted
NIST SP 800-53A Rev. 4 under Security Control Assessment

  The testing and/or evaluation of the management, operational, and technical security controls in a system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Source(s):
NIST SP 800-12 Rev. 1 under Security Control Assessment from NIST SP 800-37

  See Security Control Assessment.
Source(s):
NIST SP 800-171 Rev. 2
NIST SP 800-172
NIST SP 800-53 Rev. 4 under Security Assessment
NIST SP 800-171 Rev. 1 [Superseded]

  An evaluation of the security provided by a system, device or process.
Source(s):
NIST SP 800-152 under Security assessment

  The testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.
Source(s):
NIST SP 800-30 Rev. 1 under Security Control Assessment from NIST SP 800-39, CNSSI 4009 - Adapted
NIST SP 800-39 under Security Control Assessment from CNSSI 4009 - Adapted

  The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for a system or organization.
Source(s):
NIST SP 800-171 Rev. 1 [Superseded] under security control assessment from CNSSI 4009 - Adapted