Written statements from your vendors attesting that they have appropriate controls that meet the requirements you have documented. Use such attestations only as a last resort, when a vendor refuses or is unable to provide evidence of controls or compliance. It is important to treat attestation documents as formal legal documents (such as witness statements). Falsification of an attestation is considered fraud.
From an audit perspective: Audits end with attestation, which represents the audit's results. As an example, a SOC report attests to SOC compliance. As part of a SOC 2 audit, the auditor reports whether or not the vendor has met the Trust Services Criteria (TSCs) that it chose to be audited against.