What type of report determines if security controls comply with established goals?

The Security Assessment Report is designed to evaluate the effectiveness of security controls against established goals and standards. This report provides detailed findings from security assessments, including the evaluation of how well security controls are implemented, their effectiveness in protecting information systems, and compliance with relevant policies or regulations.

The focus of the Security Assessment Report is to summarize the assessment process, highlight strengths and weaknesses in security practices, and offer recommendations for improvements. This ensures that organizations can identify areas where they may fall short of compliance and take necessary actions to bolster their security posture.

While the other reports mentioned serve different purposes, they do not specifically assess compliance with established security goals. A Security Assessment Methodology outlines the framework or approach for conducting assessments but does not present findings. An Incident Report focuses on documenting specific security incidents, detailing what occurred, how it was managed, and lessons learned. A Risk Management Report deals with the identification, assessment, and prioritization of risks but not directly with the compliance of security controls.