Depending on the results of these activities, it may be necessary to repeat appropriate phases. Throughout the entire process, the will keep all involved parties informed of the progress and findings, as well as provide briefings of findings to CMS. Evidence to support any weaknesses discovered will consist primarily of screen prints, script output, and session data. The will immediately notify CMS if significant or immediately exploitable vulnerabilities are discovered during the assessment.>
This section contains information describing the application and environment that will be assessed, the scope of the assessment, any limitations, and roles and responsibilities of staff who will participate in the assessment.
