Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures.
SOURCE: SP 800-32SOURCE: CNSSI-4009