We would like to be able to perform security assessments for: new software to decide if it meets our security requirements; existing software to see if there are any security flaws that need corrected.
This would ideally be in relation to the NIST800-53 controls or similar catalog.
Thanks!