Which one of the following documents should report progress made on the current outstanding items and address vulnerabilities in the information system discovered during the security impact analysis or security control monitoring?
a. Plan of action and milestones
b. System security plan
c. System security plan and plan of action and milestones
d. System deficiency plan