Security Test and Evaluation (ST&E)
The ST&E function is the active auditing part of the Navy's IS
security configuration management procedure. ST&Es gather
empirical data on individual systems and are examined by the DAA
in
the evaluation procedure. This process evaluates the
effectiveness
of in-place countermeasures against incidents that would affect
the
IS in a negative manner. If the in-place countermeasures are
inadequate, the ST&E will uncover this fact and they can then be
rectified.