Security Functionality is typically defined in terms of what?

Security functionality is defined by the security features, functions, mechanisms, services, procedures, and architectures implemented within organizational information systems or their environments. This encompasses the full range of protective capabilities the system can provide, such as authentication, access control, encryption, auditing and monitoring, secure configurations, and incident response. Regulatory compliance requirements describe what must be met, but they don’t specify the actual protective capabilities of the system. Physical security measures and user access controls are important parts of security, but they represent only pieces of the overall functionality; the concept covers the complete set of protective measures built into and around the information systems.