The following elements are included in security and privacy assessment reports:51
•Information system name;
•Security categorization;
•Site(s) assessed and assessment date(s);
•Assessor’s name/identification;
•Previous assessment results (if reused);
•Security/privacy control or control enhancement designator;
•Selected assessment methods and objects;
•Depth and coverage attributes values;
•Assessment finding summary (indicating satisfied or other than satisfied);
•Assessor comments (weaknesses or deficiencies noted); and
•Assessor recommendations (priorities, remediation, corrective actions, or improvements).