Chapter 21

Developing the Security Assessment Report

Abstract

The Security Assessment Report is the document written by independent assessors after they have finished performing security testing on the system. The report presents each vulnerability taking into consideration likelihood, impact, and threats. Security assessors need to include enough information about vulnerabilities so that ISSOs and system owners can understand what the weaknesses are and where they are. With the Security Assessment Report in hand, the system owner and ISSO are armed with all the right information to formulate decisions.

Keywords

Security Assessment Report; SAR; Independent assessor; Threats; Likelihood; Impact; Authority to Operate; Interim Authority to Operate; ...
