What part of the Authorization Package provided to the Authorizing Official, or Designated Representative is the formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements?
a. Security Plan
b. POA&M
c. Security Assessment Report
d. Risk Assessment Report