In the context of system evaluation, criteria refer to the benchmarks or standards used to assess the efficiency and effectiveness of security measures within a system. They serve as the basis for forming judgments and making decisions regarding the state of security controls and their ability to mitigate potential threats.