Appendix P: Sample Certification Test Results Matrix

| Question | Vulnerability | ST&E Actions | Expected Results | Pass/Fail | Actual Results Summary | Document Reference |
|---|---|---|---|---|---|---|
| 9 | 1.2.1 Are final risk determinations and related management approvals documented and maintained on file? Federal Information Security Controls Audit Manual (FISCAM SP1) | Review current risk assessment report. | Program officials understand the risk to their system and determined it to be acceptable. | P | Final risk determinations and related management approvals are documented and maintained on file. | ABC System risk assessment, dated August 6, 2003 |
| 10 | 1.2.2 Has a mission/business impact analysis been conducted? (National Institute of Standards ... |