The IT Law Wiki
Register
Advertisement

Definition[]

Security evaluation is

[t]he examination of the technical and nontechnical security features of a computer system and other safeguards that establishes the extent to which a particular design and implementation meet a specified set of security requirements.[1]
[a]n evaluation done to assess the degree of trust that can be placed in systems for the secure handling of sensitive information.[2]

Overview[]

One type, a product evaluation, is an evaluation performed on the hardware and software features and assurances of a computer product from a perspective that excludes the application environment. The other type, a system evaluation, is done for the purpose of assessing a system's security safeguards with respect to a specific operational mission and is a major step in the certification and accreditation process.[3]

References[]

  1. NIST Special Publication 800-4, App. D, Glossary.
  2. Department of Defense, National Computer Security Center, Glossary of Computer Security Terms (NCSC-TG-004, Ver. 1) (Oct. 21, 1988).
  3. Id.
Advertisement