Security Assessment Report
Write a well-reasoned, substantive response to “A” and “B” below
Write a well-reasoned, substantive response to “C” below
A. Based on this week’s reading, discuss the Security Assessment Report (SAR)
a. What is the purpose of the SAR?
b. What are the key elements of information contained in a SAR?
B. Evaluate best practices for utilizing a Security Assessment Report (SAR)
a. Develop a recommendation and a rationale for whether the SAR should be a static, one-time document or a “living” document.
b. As the Security Controls Assessor, describe how you and your organization would utilize the SAR in the NIST RMF process.
C. Review CAP Domain: Security Assessment
a. Analyze the role of the Security Control Assessor (SCA) in the assessment process.
b. What is the role of the SCA? What are the SCA duties and responsibilities?