In security and vulnerability assessment in particular, testing coverage is very important to ensure that all possible weaknesses are accounted for.
At the end, all what it takes for a hacker to get in is to find and exploit on vulnerability.
Applicability refers to the unique nature of every test plan and its applicable environment.
Test designers should understand first the systems and domains they are testing and create test plans for those systems and domains as an alternative of using or reusing generic test plans from other systems or environments.
Other terms that can be used in quality assessment related to applicability is “fitness” to refer to whether requirements and implementation fit and target initial operation goals or objectives.
In terms of cyber intelligence, applicability can track the focus of intel- ligence activities on tasks that fit the mission and avoid losing focus by spending time and effort on collecting data that, while it can be important, is irrelevant to the specific operation mission.
Detailed operational test plans should be evaluated to determine that the test-imposed conditions on the crew do not invalidate the applicability of the collected data (T&E Guide 1993).
Completeness refer to check that test plans cover all security aspects in the systems and assets under test and that no aspect is incomplete or missing.
Some of the general questions to be used as part of a checklist to answer to verify completeness (Schulmeyer 2008):
Do the requirements specified carry out the mission in a consistent fashion?
Do the requirements include the essential needs of the mission, users, operational, and maintenance communities?
Does each requirement stand alone or have clearly stated dependencies?
Is the requirements document complete with all TBDs eliminated?
Are any requirements missing?
Are necessary requirements distinguished from those “add-on” requirements?