1. [The] process to determine that an information system (IS) protects data and maintains functionality as intended. [INFOSEC-99]
2. A process used to determine that the security features of a system are implemented as designed and that they are adequate for a proposed application environment. This process includes hands-on functional testing, penetration testing, and verification [TCSEC].

See also: Functional Testing, Penetration Testing, and Verification.