Assurance

(1) Grounds for confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. “Adequately met” includes the following: functionality that performs correctly, sufficient protection against unintentional errors (by users or software), and sufficient resistance to malicious penetration or bypass. (2) A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy. (3) A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy. Note: Assurance refers to a basis for believing that the objective and approach of a security mechanism or service will be achieved. Assurance is generally based on factors such as analysis involving theory, testing, software engineering, validation, and verification. Lifecycle assurance requirements provide a framework for secure system design, implementation, and maintenance. The level of assurance that a deMeasure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediates and enforces the security policy. The degree of confidence that security needs are satisfied. Assurance must be continually maintained, updated, and reverified.