Determination of safeguards should include
vulnerability analysis
security analysis report
applicable standards
certification and accreditation requirements (i.e., clearance levels).