Security evaluation is
|“||[t]he examination of the technical and nontechnical security features of a computer system and other safeguards that establishes the extent to which a particular design and implementation meet a specified set of security requirements.||”|
|“||[a]n evaluation done to assess the degree of trust that can be placed in systems for the secure handling of sensitive information.||”|
One type, a product evaluation, is an evaluation performed on the hardware and software features and assurances of a computer product from a perspective that excludes the application environment. The other type, a system evaluation, is done for the purpose of assessing a system's security safeguards with respect to a specific operational mission and is a major step in the certification and accreditation process.