Information system security control assessment

Definition
Information system security control assessment is

"[t]he testing and/or evaluation of management, operational, and technical security controls in an information/application system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system."