body of evidence (BoE)

A Body of Evidence (BoE) is a document that demonstrates compliance with the security measures of an information system. The BoE evidence includes the information where the security measures are met and where they reach their limits.

A Body of Evidence forms a record that documents the information system 's compliance with the applied security controls. The BoE record contains a Requirements Verification and Traceability Matrix (RVTM) that describes where the selected security controls are met and where evidence of compliance can be found. The content of the BoE dataset is adapted to the selected impact levels.