Using a NIST SP 800-53 control family or name can help contextualize the risk you're documenting.
The prose description of the finding revealed by your assessment should be clear and concise. Just the facts, pal!
Choose the most pertinent threat source.
It helps to add a prose description of your rationale, but keep it clear and brief!
It helps to add a prose description of your rationale, but keep it clear and brief!
Try to be clear about who needs to do what. The whens, wheres, hows, and whys can be useful too.

Markdown

JSON