Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guide to Information Security Testing and Assessment



Shirley M. Radack


This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-115, Technical Guide to Information Security Testing and Assessment: Recommendations of the National Institute of Standards and Technology, which was written by Karen Scarfone and Murugiah Souppaya of NIST, and by Amanda Cody and Angela Orebaugh of Booz Allen Hamilton. The new guide discusses the basic technical aspects of conducting information security assessments, and presents technical testing and examination methods that an organization might use as part of an assessment. The bulletin summarizes the information in the guide to help organizations apply the technical testing and examination methods, and covers methodologies and techniques for information security assessments, phases for planning, conducting and evaluating assessments, techniques for testing and assessment, and organizational approaches to testing. The bulletin also includes NIST s recommendations to organizations for planning and implementing information security assessment activities.
ITL Bulletin -


Assessment methodology, information security, information technology, network security, risk management, security assessment, security controls, security testing, system security, system vulnerabilities, threats to systems


Radack, S. (2008), Guide to Information Security Testing and Assessment, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed April 17, 2024)
Created December 18, 2008, Updated February 19, 2017