The analysis conducted by an organizational official to determine the extent to which changes to the information system have affected the security state of the system.

Source: NIST SP 800-137 | Category: