The use of advanced security technologies, such as modeling and simulation in support of vulnerability assessment, has continued to find acceptance in both the operator and the regulatory realms. A critical component to gaining acceptance for modeling and simulation is employing a proven analysis process using best practices and proven tools. These processes and tools allow security managers to be responsive to changing threats and management/financial constraints by quantifying a site’s level of security under different attack scenarios and defensive configurations. Based on best practices and performance data from government agencies, modeling and simulation experts have proposed a process to compute security system effectiveness for commercial nuclear sites. This process will allow decision makers to use a risk-informed approach to quantify security risk at their sites. This also includes a formal accreditation and review process that will provide decision makers and regulators confidence into the development of the defense strategy. Providing a consistent means to assess security, using government-provided or other agreed-upon performance data, will allow sites to compare new and more cost-effective strategies directly with existing/approved strategies to perform a cost-benefit analysis and return on investment estimate.