As part of assessing the security controls, initial remediation actions should be conducted to correct noncompliant security controls, based on the findings and recommendations of the Security Assessm

Remediated controls should then be reassessed, as appropriate. The specific actions taken are based on the findings and recommendations made by the Security Control Assessor (SCA) in the SAR and the tasks laid out in the Plan of Actions