Definition
Security evaluation is
“[t]he examination of the technical and nontechnical security features of a computer system and other safeguards that establishes the extent to which a particular design and implementation meet a specified set of security requirements.”[1]
“[a]n evaluation done to assess the degree of trust that can be placed in systems for the secure handling of sensitive information.”[2]
Overview
One type, a product evaluation, is an evaluation performed on the hardware and software features and assurances of a computer product from a perspective that excludes the application environment. The other type, a system evaluation, is done for the purpose of assessing a system's security safeguards with respect to a specific operational mission and is a major step in the certification and accreditation process.[3]
References
- [1] NIST Special Publication 800-4, App. D, Glossary.
- [2] Department of Defense, National Computer Security Center, Glossary of Computer Security Terms (NCSC-TG-004, Ver. 1) (Oct. 21, 1988).
- [3] Id.