Term:Security Assessment Report

From FISMApedia
Jump to: navigation, search

NIST IR 7328 Draft

Security Assessment Report - The document that the assessment team develops to report the results of the security control assessment. The assessment team reports, for each assessment procedure performed, whether each determination statement in an assessment procedural step was "satisfied" or "other than satisfied." In the latter case, the assessment team indicates which parts of the security control were affected by the finding, describes how the control differs from the planned or expected state, and notes any potential compromises to confidentiality, integrity, and availability due to the "other than satisfied" result.