Control: ism-1563; Revision: 1; Updated: Jun-22; Applicability: ALL; Essential Eight: N/A
At the conclusion of a security assessment for a system, a security assessment report is produced by the assessor and covers:
- the scope of the security assessment
- the system’s strengths and weaknesses
- security risks associated with the operation of the system
- the effectiveness of the implementation of controls
- any recommended remediation actions.