The Security Assessment Report (SAR) is the document provided by the control assessment team. The assessment report contains the results of the security control testing as described in the Security Assessment Plan (SAP). The assessors will describe the procedures used and identify any relevant gaps and risks associated with the controls that are in place at the organization. The SAR is used as part of the accreditation process and the results are given to the authorizing official.
Applicability: Relevant in compliance audits, cybersecurity assessments.