NIST SP 800-53 security control identifier that was
found to be deficient. For a security vulnerability (weakness) found by means other
than a security
controls assessment (e.g., vulnerability test), map the deficient function to the
applicable security
control
Source: CNSSI-1254 appendix C POA&M Data elements #4, NIST SP 800-37