Defines the organizational document in which risk assessment results are documented (e.g., security plan, privacy plan; risk assessment report).
No STIG checks reference this CCI.