The security controls specified in the security plan are implemented by taking into account the minimum organizational assurance requirements. The security plan describes how the controls are employed within the information system and its operational environment. The security assessment plan documents the methods for testing these controls and the expected results throughout the systems life-cycle.
Certified Authorization Professional (CAP®) Candidate Information Bulletin, November 2010
As a Certified Authorization Professional (CAP®), you are expected to