The blue team test report shall include information on at least of the following:
1. for each attack step described by the testers in the red team test report:
(a) list of detected attack actions;
(b) log entries corresponding to these detections;
2. assessment of the findings and recommendations of the testers;
3. evidence of the attack by the testers collected by the blue team;
4. blue team root cause analysis of successful attacks by the testers;
5. list of lessons learned and identified potential for improvement;
6. list of topics to be addressed in purple teaming.