Purpose: Determine if the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security and privacy requirements for the system and the organization.
Outcomes:
NIST SP 800-53A, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
NISTIR 8011, Automation Support for Security Control Assessments: Multiple Volumes
Security and Privacy: general security & privacy, privacy, risk management, security measurement, security programs & operations
Laws and Regulations: E-Government Act, Federal Information Security Modernization Act