The IT Law Wiki

Definition[]

Actual state is

[t]he observable state or behavior of an assessment object (device, software, person, credential, account, etc.) at the point in time when the collector generates security-related information. In particular, the actual state includes the states or behaviors that might indicate the presence of security defects.[1]

References[]

  1. NISTIR 8011, Vol. 1, at B-1.