CompTIA CySA+ CS0-003: Security controls testing

All security controls have to be tested by authorized personnel to ensure they work as intended. Many kinds of testing are involved in properly testing security controls, such as vulnerability assessments, penetration testing, log reviews, code reviews, and much more. The end goal is to verify and validate independent controls per NIST 800-53 by examination.

This is a continuous program that ensures security controls remain effective. Security controls are parameters that have been outlined and implemented to protect against different threats and to minimize risk to property. There are numerous kinds of security controls, including physical, digital, cybersecurity, and even cloud security controls, each with different methods. One can utilize frameworks and best practices from the NIST database or the CIS framework. The general steps are to determine the target systems, determine the applications, and execute vulnerability scanning and reporting for teams to review.