Chapter 13

Reporting

Abstract

The various types of assessment reports are defined and reviewed. The Security Assessment Report and the Risk Assessment Report are the primary outputs from any assessment in the RMF process and each is defined and discussed, and sample templates are provided.

Keywords

reports
SAR
POAM
I often explain to interested people and my students that the number 1 job of any security professional is the secure the data and the number 2 job is to “report, report, and report again.” We often have to spend a great deal of time and effort in gathering the data for and producing various different kinds of reports and documents to support our security efforts. The various reporting requirements often are externally provided to ...

Get Security Controls Evaluation, Testing, and Assessment Handbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.