A type of requirement describing the capability that the organization or system must provide to satisfy a stakeholder need. Note: Capability requirements relted to information security and privacy are derived from stakeholder protection needs and the corresponding security and privacy requirements.

Source: NIST SP 800-37 Rev. 2 | Category: