CreatorTim Ramey
Description
The test team report describes vulnerabilities discovered in system components, the team's assessment of possible impacts to mission operations, and recommended corrective actions, if not corrected during the event. The CDT provides information to update the RMF POA&M and potentially the LCSP, with ACD test findings requiring corrective actions and uses ACD test results to inform updates to the PPP and Security Plan. Significant, mission-impacting vulnerabilities should be reported through the Program Office's formal DR process to ensure that cyber issues receive attention at the Program level for funding, if the contract language is inadequate or major engineering changes will be required. The CDT also provides ACD reports to the OTA and oversight organizations.Owning Diagram A43: Conduct ACD and Document Results