Guidance Documentation for Risk Assessments & Management
Risk Aspects Control Form
In the image below the Risk Aspects Control form is shown:
12) On Tab 1), the Control Id can be a Section Id, Control or Objective.
13) The control method implemented or planned should be identified.
14) When the requirements for the Control or Objective are implemented, use the control Implementation checkbox and enter the date implemented.
15) The verification is the objective evidence to prove the control is implemented.
16) The CMM score is relevant to the NIST 800-171 DoD scoring method.
17) Tab 2) Implementation Comments and Notes should be used to record additional information about the control or control methods (e.g., Plan of Action and Milestone (POAM) dates).
18) Tab 2) Implementation Comments and Notes - add additional comments and use the Include Implementation Status Comments on Reports checkbox.
Printing the Security Systems Plan (SSP) and Plan of Action Milestones (POAM)