Criteria related to a supplier’s ability to conform to security-relevant laws, directives, regulations, policies, or business processes; a supplier’s ability to deliver the requested product or service in satisfaction of the stated security requirements and in conformance with secure business practices; the ability of a mechanism, system element, or system to meet its security requirements; whether movement from one life cycle stage or process to another (e.g., to accept a baseline into configuration management, to accept delivery of a product or service) is acceptable in terms of security policy; how a delivered product or service is handled, distributed, and accepted; how to perform security verification and validation; or how to store system elements securely in disposal.

Source: NIST SP 800-160 Vol. 2 | Category: