Certification Test Plan and Procedures
The DCID 6/3 Process has two Test and Evaluation (T&E) Phases. During the first T&E Phase, a Certification Test Plan and Test Procedures are developed. The Certification Test Plan outlines the IS certification test. It describes the test sets needed to demonstrate that the IS implements its security requirements. The plan also gives specific guidelines for conducting the tests. The Certification Test Procedures expand the test set descriptions into step-by-step descriptions of the security requirement tests.
Most of the C&A process is conducted during T&E II. Once functional testing is complete, the security test and evaluation is conducted based on the Certification Test Plan and Test Procedures. Shortfalls and vulnerabilities are identified, and risks are analyzed. The outcome of the risk analysis is used to develop a plan to address shortfalls. The plan includes actions required to fix or work around particular shortfalls.
CygnaCom has a long history of supporting DCID 6/3 activities, including creating Certification Test Plans and Procedures and conducting Certification Testing.