Chapter 12

Evidence of Assessment

Abstract

The various types of assessment and audit evidence are discussed. These include artifacts, test reports, and automated tool outputs; the techniques for sampling are reviewed as well.

Keywords

evidence
artifact
sampling
types of evidence

Evidence of the test, evaluation, and assessment activities is often critical to the authorizing official in making the risk-based decision concerning the operation of the system under review. As SP 800-53A states: “Building an effective assurance case for security and privacy control effectiveness is a process that involves:
(i) Compiling evidence from a variety of activities conducted during the system development life cycle that the controls employed in the information ...
