What is the Problem:
Security functional testing on many mission-critical products is often expensive and does not provide the end-user of those products with the needed assurance since developer-based tests are proprietary.
Why is NIST Involved:
To facilitate the widespread use of secure products by the government and industry, it is necessary that the mechanism used for obtaining that security assurance – i.e., security evaluation and security functional testing be based on a public domain methodology with requisite properties such as path coverage etc.
The goal of this project is to define, specify and develop efficient and effective methodologies for security functional testing of products based on models of security function behavior.