An assumption that characterizes how one expects a specific party to behave when given access to sensitive data.

Source: NIST SP 800-226 | Category: