The cybersecurity risk management examination results in the issuance of a cybersecurity risk management examination report. The cybersecurity risk management examination report includes three key components:
Management’s description of the entity’s cybersecurity risk management program. The first component is a management-prepared narrative description of the entity’s cybersecurity risk management program (description). This description is designed to provide information about how the entity identifies its information assets, the ways in which the entity manages the cybersecurity risks that threaten it,