| assessment method | One of three types of actions (i.e., examine, interview, test) taken by assessors in obtaining evidence during an assessment. |
| assessment object | The item (i.e., specifications, mechanisms, activities, individuals) upon which an assessment method is applied during an assessment. |
| assessment objective | A set of determination statements that expresses the desired outcome for the assessment of a security control or control enhancement. |
| assessment procedure | A set of assessment objectives and an associated set of assessment methods and assessment objects. |
| assessor | See security control assessor or risk assessor. |
| asset | A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related group of systems. |
| asset reporting format | A format for expressing the transport format of information about assets and the relationships between assets and reports. |
| assurance | The grounds for confidence that the set of intended security controls in an information system are effective in their application. |
| assurance case | A structured set of arguments and a body of evidence showing that an information system satisfies specific claims with respect to a given quality attribute. |
| assured information sharing | The ability to confidently share information with those who need it, when and where they need it, as determined by operational need and an acceptable level of security risk. |
| assured software | Computer application that has been designed, developed, analyzed and tested using processes, tools, and techniques that establish a level of confidence in it. |
| asymmetric cryptography | See public key cryptography (PKC). |
| asymmetric key | Two related keys, a public key and a private key that are used to perform complementary operations, such as encryption and decryption or signature generation. |