Chapter 13



The various types of assessment reports are defined and reviewed. The Security Assessment Report and the Risk Assessment Report are the primary outputs from any assessment in the RMF process and each is defined and discussed, and sample templates are provided.


I often explain to interested people and my students that the number 1 job of any security professional is the secure the data and the number 2 job is to “report, report, and report again.” We often have to spend a great deal of time and effort in gathering the data for and producing various different kinds of reports and documents to support our security efforts. The various reporting requirements often are externally provided to ...

Get Security Controls Evaluation, Testing, and Assessment Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.