What is your process for validating that a system meets both customer needs and DoD security requirements?