Which document serves as the primary artifact that describes a cloud system's security controls and how they are implemented for FedRAMP authorization?
-
A
System Security Plan (SSP)
-
B
Plan of Action and Milestones (POA&M)
-
C
Security Assessment Report (SAR)
-
D
Authorization to Operate (ATO)