U.S. Department of Health and Human Services
Security Control Assessment is the formal evaluation of a system against a defined set of controls. The guidance for security control assessments is described in NIST SP 800-53 Revision 1. This source corresponds with the security controls in NIST SP 800-53 Revision 3. Other types of system tests include self-assessments, audits, security reviews, vulnerability scanning, and penetration testing.
Page 4 of 9
System Security Testing
Security Controls Assessment