Certified Administrative Professional (CAP) Practice Exam 2025 – Your All-in-One Guide to Exam Mastery!

"Common controls" are typically documented in the General Support System, System Security Plan. This document outlines the controls that apply to a variety of systems supported by a common infrastructure or environment. It provides details on the security and administrative measures in place across multiple systems, ensuring that all relevant stakeholders understand and can enforce these controls effectively.

The System Security Plan is particularly essential as it serves as a blueprint for the organization's security posture, including details about common controls that must be adhered to for compliance with regulations and standards. This documentation helps in assessing the overall security of the systems and ensures that all components are aligned with the organization's security policies and procedures.

The other options, while related to security and compliance aspects, do not specifically focus on the common controls in the same way. The Operational Manual typically details procedures for daily operations and may not address overarching security controls. The Risk Management Plan is focused on identifying and mitigating risks rather than detailing specific controls. The Compliance Report reflects adherence to established guidelines but does not comprehensively document the controls themselves. Thus, the General Support System, System Security Plan is the most appropriate source for documenting common controls.