(c) Upon completion of each AMS Assessment, a written report, which is designated sensitive security information, must be prepared consisting of:
- (1) A summary of how the AMS Assessment was conducted;
- (2) A description of each vulnerability and consequences found during the AMS Assessment; and
- (3) A description of risk reduction strategies that could be used to ensure continued operation at an acceptable risk level.