Per NIST SP 800-171A, an assessment or “security control assessment” means:
“The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for a system or organization.”
The CMMC Program definition in 32 CFR Part 170 defines an assessment as:
“The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization, as defined in §170.15 to §170.18.
Source: §170.4, Acronyms & Definitions
Social Contact