When I download and open either the Attestation or Certification, it doesn’t have any details of the individual controls. Can I assume that all controls listed in the self-assessment were found to be present and effective based on either the Attestation or Certification?
Possibly, but not necessarily.
STAR Certification and STAR Attestation are respectively "extensions" of ISO27001 and SOC2. Essentially we demand to add to the so-called Statement of Applicability (which is the set of controls a company is audit against) the CCM controls on the top of the controls included in the native standard (i.e ISO27002 and AICPA TSC).
According to the ISO and SOC auditing rules a company can exclude some of the controls (of ISO27001 or of SOC2 or STAR Cert/Attestation) from SoA if those are out of scope.
So in general you can assume that all the CCM controls are verified, and if they are not it is because they are not relevant in the scope of the audit (because not relevant in that specific implementation, or because other compensating controls are in place, or...).
Typically if a control is excluded from the SoA that needs to be justified.