Definition

Security

A defect check is a way to assess determination statements. It has the following additional properties. A defect check:
  • Is stated as a test (wherever appropriate);
  • Can be automated;
  • Explicitly defines a particular desired state specification that is then compared to the corresponding actual state to determine the test result;
  • Provides information that may help determine the degree of control effectiveness/level of risk that is acceptable;
  • Suggests risk response options; and
  • Assesses a corresponding sub-capability.[1]

References

  1. NISTIR 8011, Vol. 1, at B-4.