Security Test & Evaluation

The Security Test and Evaluation (ST&E) is an examination and analysis of the safeguards required to protect an information system, as they have been applied in an operational environment, to determine the security posture of that system. The ST&E is accomplished through a variety of assurance methods such as analysis of system design documentation, inspection of test documentation, and independent execution of function testing and penetration testing. The objective of this task is to evaluate the managerial, operational, and technical security control implementations of the security design and to ascertain that these controls are functioning properly and effectively.

Security Advisers uses the ST&E to validate the correct implementation of identification and authentication, audit capabilities, access controls, object reuse, trusted recovery, and network connection rule compliance. Individual tests evaluate system conformance with regulatory requirements, the entity mission, environment, and architecture. Our test plans and procedures address the total security requirements and provide sufficient evidence of the amount of residual risk to validate the proper integration and operation of all security controls.

The ST&E is often the point where we determine that the NIST 800-53 Security Controls are insufficient for high-value asset compositions. Assets with a Security Categorization of Critical or High, or Moderate for Confidentiality, Integrity, and Availability, must sometimes be provided with Supplemental Control Sets. Security Advisers will engineer the appropriate Security Controls and then rigorously test those controls for effectiveness and appropriateness.

If you would like more information about Security Advisers' Security Test & Evaluation, please email or call us at 410-867-6329.

Tel: 410-867-6329 | Headquarters: 1517 Bay Drive, Shady Side, Maryland 20764