The premise of this year’s SafeConfig Workshop is that existing tools and methods for security assessments are necessary but insufficient for scientifically rigorous testing and evaluation of resilient and active cyber systems. For example, we contend that existing penetration testing tools, red team processes, and security testing are not able to cope with inherent nature of continuous and resilient systems. Existing tactics, techniques and procedures (TTP) by the adversary, and even existing penetration teams are often adequate to accomplish the job needed for their own specific purposes. However to increase the scientific validity, the validation of resilient systems is not a static nor one of breach of perimeter or exfiltration of data. Rather the objectives for this workshop are the exploration and discussion of scientifically sound testing regimen(s) that will continuously and dynamically probe, attack, and “test” the various resilient and active technologies. This adaptation, and change in focus necessitates at the very least modification, and at the most, wholesale new developments to ensure that resilient and agile aware security testing is available to the research community. These impediments will also include natural faults such as flooding, fire, or hardware failure, or even staff member negligence. They must also be repeatable, reproducible, subject to scientific scrutiny, measurable and meaningful to both researcher’s and practitioners. This workshop offers a unique opportunity by bringing together researchers from academia, industry as well as government agencies to discuss the challenges listed above, to exchange experiences, and to propose joint plans for promoting research and development in this area. SafeConfig is a one day forum that includes invited talks, technical presentations of peer-reviewed papers, poster/demo sessions, and joint panels on research collaboration. SafeConfig was started in 2009 and has been continuously running since then. It provides a distinct forum to explore theoretical foundations, algorithmic advances, modeling, and evaluation of configuration related challenges for large scale cyber and cyberphysical systems. This installment of SafeConfig is being run in conjunction with the CCS (Computing and Communications Security) conference, to be held October 24-28, 2016 in Vienna, Austria.