Term:Assurance

From FISMApedia
Revision as of 00:38, 27 October 2009 by DanPhilpott (talk) (1 revision)

CNSSI 4009

Assurance - Measure of confidence that the security features, practices, procedures, and architecture of an IS accurately mediates and enforces the security policy.

DoDD 8581.01

Assurance - Measure of the confidence that the security features and architecture of an IS accurately mediate and enforce the security policy (reference (h)). E2.1.2.

DoDI 8551.01

Assurance - A measure of confidence that the security features, practices, procedures and architecture of an Information Technology (IT) system accurately mediates and enforces the security (reference (f)). E2.1.2.

NIST IR 7298

Assurance - One of the five "Security Goals." It involves support for our confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. "Adequately met" includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or by-pass. SOURCE: SP 800-27A

NIST SP 800-27rA

Assurance - Grounds for confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. "Adequately met" includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or by-pass.

NIST SP 800-30

Assurance - Grounds for confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. "Adequately met" includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or bypass.

NIST SP 800-33

Assurance - Grounds for confidence that the other four security objectives (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. "Adequately met" includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or by-pass.

NIST SP 800-37r1 Draft

Assurance - The grounds for confidence that the set of intended security controls in an information system are effective in their application.

NIST SP 800-53A

Assurance - The grounds for confidence that the set of intended security controls in an information system are effective in their application.