Security test and evaluation is done by identifying individuals who are qualified to design and perform test in the following areas:
ADP security system software/hardware applications software telecommunications emanations security physical security personnel, procedural, and administrative security user/customer functions
These personnel then review the risk assessment for currency and accuracy, identify and analyze the nature of threats and their respective countermeasures, and design tests. They perform tests, identify discrepancies and problem areas, and provide a recommendation for accreditation.