Security Test and Evaluation (ST&E)
The Security Test and Evaluation (ST&E) is an examination and analysis of the safeguards required to protect an information system, as they have been applied in an operational environment, to determine the security posture of that system. ST&E is accomplished through a variety of assurance methods such as analysis of system design documentation, inspection of test documentation, and independent execution of function testing and penetration testing.
The objective of this task is to evaluate the technical implementation of the security design and to ascertain that security software, hardware, and firmware features affecting confidentiality, integrity, availability, and accountability have been implemented as documented in the SSAA and that the features perform properly.
ST&E validates the correct implementation of identification and authentication, audit capabilities, access controls, object reuse, trusted recovery, and network connection rule compliance. Individual tests evaluate system conformance with the requirements, mission, environment, and architecture, as defined in the SSAA. Test plans and procedures should address all the security requirements and provide sufficient evidence of the amount of residual risk. The test results must validate the proper integration and operation of all security features.
CygnaCom Solutions has years of experience and is an industry leader in security testing activities.