Policy testing and analysis are important techniques for high assurance of correct specification of access control policies. We propose a set of testing and analysis techniques for access control policies and tools for empirically investigating and evaluating the proposed techniques. We propose a fault model for access control policies and investigate various fault types and their frequencies of occurrence in policy development; we develop a mutation testing framework that implements the fault model; we propose and investigate various coverage criteria for testing access control policies; we develop various test generation techniques and evaluate them using the coverage criteria and mutation testing framework; we develop a policy model to facilitate refactoring, performance optimizations, dependency identification, and other types of static analysis. To make our discussion concrete, we choose to present our techniques in the context of XACML. Note that since XACML is an application-independent, generic access control policy language, our techniques can be equally applied to test policies written in other languages.