Assess Controls

Security Control Assessment (SCA) & Security Test and Evaluation (ST&E)

An SCA is the formal evaluation of a system against a defined set of controls.


It is conducted in conjunction with or independently of a full ST&E, which is performed as part of the security authorization.


The SCA and ST&E evaluate the implementation (or planned implementation) of controls as defined in the SSP. The results form the risk assessment report, which documents the system’s areas of risk.


Types of system tests conducted include audits, security reviews, vulnerability scanning, and penetration testing.

Testing