1. Assessment of an information technology (IT) product or system against defined security-related functional and assurance criteria, performed by a combination of testing and analytic techniques. 2. The detailed examination of a system or a product to search for vulnerabilities and to determine the extent to which the required or claimed security functions are upheld by its implementation. Note: Security functions are normally described in a System Electronic Information Security Policy, which forms the basis of the evaluation baseline. The examination may cover aspects of the development and operational environment. See also: Certification, Information Technology Security Evaluation and Certification Scheme 3. The assessment of an ITSEC system or product against defined evaluation criteria.