Introduction

What is an assessment?

An assessment of a system or application is the process of reviewing, testing, and evaluating that system's or application's components, documentation, and all of its parameters, in order to ensure it is as secure as possible, within the organization's risk tolerance, while it is operational and in use for its intended purpose.
As SP 800-53A on page 9 says, “An assessment procedure consists of a set of assessment objectives, each with an associated set of potential assessment methods and assessment objects. An assessment objective includes a set of determination statements related to the particular security or privacy control under assessment. The determination statements are linked to the content ...

Get Security Controls Evaluation, Testing, and Assessment Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.