The IT Law Wiki

Definition

A system assessment is

[a] comprehensive assessment of the management and operational and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements of the system.[1]

References

  1. FY 2011 Frequently Asked Questions on Reporting for the Federal Information Security Management Act and Agency Privacy Management, Definitions, at 25, attached to OMB Memorandum M-11-33.