A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
SOURCE: FIPS 200
The process of verifying the correctness of a statement or claim and issuing a certificate as to its correctness.
SOURCE: FIPS 201
Comprehensive evaluation of the technical and nontechnical security safeguards of an information system to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements. See Security Control Assessment.