The process of validating the effective implementation of security controls for information systems and networks, based on the organization’s security requirements.

Source: NIST SP 800-115 | Category: