The IT Law Wiki

Security evaluation

32,080pages on
this wiki
Add New Page
Add New Page Talk0

Definition Edit

Security evaluation is

[t]he examination of the technical and nontechnical security features of a computer system and other safeguards that establishes the extent to which a particular design and implementation meet a specified set of security requirements.[1]
[a]n evaluation done to assess the degree of trust that can be placed in systems for the secure handling of sensitive information.[2]

Overview Edit

One type, a product evaluation, is an evaluation performed on the hardware and software features and assurances of a computer product from a perspective that excludes the application environment. The other type, a system evaluation, is done for the purpose of assessing a system's security safeguards with respect to a specific operational mission and is a major step in the certification and accreditation process.[3]

References Edit

  1. NIST Special Publication 800-4, App. D, Glossary.
  2. Department of Defense, National Computer Security Center, Glossary of Computer Security Terms (NCSC-TG-004, Ver. 1) (Oct. 21, 1988).
  3. Id.

Also on Fandom

Random Wiki