Evaluation is the technical evaluation performed as part of (and in support of) the accreditation process that establishes the extent to which a particular computer system or network design and implementation meet a pre-specified set of security requirements. The following activities can be considered as part of this remediation option:
Achieve network accreditation, often based on additional security standards that the entity must comply with in their overall course of doing business, such as Department of Defense contracting;
Conduct independent assessment (i.e., vulnerability assessment, penetration testing) with external party; and,
Conduct standardized internal audits at periodic intervals. (Note: This is also aligned closely with activities under the System and Network Management option.)