Security testing means
|“||accessing a computer, computer system, or computer network, solely for the purpose of good faith testing, investigating, or correcting, a security flaw or vulnerability, with the authorization of the owner or operator of such computer, computer system, or computer network.||”|
Security testing is
|“||[a] process used to determine that the security features of a system are implemented as designed. This includes hands-on functional testing, penetration testing, and verification.||”|
|“||[t]esting that attempts to verify that an implementation protects data and maintains functionality as intended.||”|
Such testing should be one component of an overall security program that also includes assigned security responsibilities, risk assessment, system requirements, planning, policies, and procedures. This testing includes hands-on functional testing, penetration testing, and verification.
- ↑ 17 U.S.C. §1201(j)(1)(A).
- ↑ Department of Defense, National Computer Security Center, Glossary of Computer Security Terms (NCSC-TG-004, Ver. 1) (Oct. 21, 1988).
- ↑ NIST Special Publication 800-152, at 135.