You need to assess the security of a specific application, network, or system - Compliance requirements mandate vulnerability assessment (PCI DSS, HIPAA) - You want a comprehensive list of technical vulnerabilities - Your security program is relatively immature and needs to address foundational issu