A form of risk assessment that models aspects of the attack and defense sides of a logical entity, such as a piece of data, an application, a host, a system, or an environment.

Source: NIST SP 800-53 Rev. 5 | Category: