Body of Evidence (BoE)
What is Body of Evidence (BoE)?
In cybersecurity, the Body of Evidence (BoE) refers to the complete set of documentation and data that demonstrates an information system’s adherence to security controls. It’s essentially the collection of materials that proves a system’s security posture. This includes documentation, logs, test results, and other data related to security assessments and implementation.

More Detail
- Documentation: This includes things like security policies, procedures, and risk assessments.
- Logs: System logs, network logs, and audit logs capture events and activity on the system, providing evidence of user actions, system behavior, and potential security incidents.
- Test Results: Security testing, such as vulnerability scans and penetration tests, provides evidence of the system’s security weaknesses and strengths.
- Other Data: This can include configuration files, software versions, and other data that helps demonstrate the system’s security configuration.
- RMF (Risk Management Framework) Documentation: The BoE is often associated with the RMF, a framework used for managing security risks in information systems.
The set of data that documents the information system’s adherence to the security controls applied. The BoE will include a Requirements Verification Traceability Matrix (RVTM) delineating where the selected security controls are met and evidence to that fact can be found. The BoE content required by an Authorizing Official will be adjusted according to the impact levels selected.
SOURCE: CNSSI-4009
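As an added illustration (not part of the CNSSI-4009 entry above), a small Python model of the RVTM the definition describes: each selected control maps to the artifacts that evidence it, each artifact is hashed so the matrix can later detect a changed file, and the coverage check shows how the required control set, and therefore the BoE content, grows with the impact level. The control identifiers follow NIST SP 800-53 naming and the artifacts and baselines are constructed for the example.

```python
"""RVTM coverage and evidence-integrity check for a Body of Evidence (constructed example)."""
from dataclasses import dataclass
import hashlib


@dataclass
class Evidence:
    artifact: str   # where the evidence can be found (path or log source)
    kind: str       # documentation, log, test result, or other data
    content: bytes  # constructed inline so the example runs offline


# Controls selected per impact level (constructed baselines; a real BoE takes
# these from the control catalog and the Authorizing Official's requirements).
SELECTED_CONTROLS = {
    "low": ["AC-2", "AU-2"],
    "moderate": ["AC-2", "AU-2", "CA-8", "RA-5"],
}


def build_rvtm(evidence_by_control):
    """Return RVTM rows (control, artifact, kind, sha256).

    Hashing the artifact at the time it is entered lets a reviewer confirm the
    evidence on file is the evidence the matrix points at."""
    rows = []
    for control, items in evidence_by_control.items():
        for ev in items:
            rows.append((control, ev.artifact, ev.kind, hashlib.sha256(ev.content).hexdigest()))
    return rows


def coverage_gaps(rvtm, impact_level):
    """Controls required at this impact level that have no evidence row in the RVTM."""
    covered = {row[0] for row in rvtm}
    return [c for c in SELECTED_CONTROLS[impact_level] if c not in covered]


def verify_artifact(rvtm, control, artifact, content):
    """True if the supplied content matches the digest recorded for that artifact."""
    digest = hashlib.sha256(content).hexdigest()
    return any(r[0] == control and r[1] == artifact and r[3] == digest for r in rvtm)


# Constructed evidence for two controls; the moderate baseline also needs CA-8 and RA-5.
EVIDENCE = {
    "AC-2": [Evidence("policies/account-management.pdf", "documentation", b"account mgmt policy v3")],
    "AU-2": [Evidence("logs/auditd-2024-05.log", "log", b"type=USER_LOGIN ... res=success")],
}
RVTM = build_rvtm(EVIDENCE)

if __name__ == "__main__":
    for level in SELECTED_CONTROLS:
        print(level, "gaps:", coverage_gaps(RVTM, level))
```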