POAM (an overview) Part 1

by Bruce

Check out the courses at: https://securitycompliance.thinkific.com

Here is the POAM template I was looking at:
https://www.fedramp.gov/developing-a-plan-of-actions-milestones/
https://www.fedramp.gov/assets/resources/templates/FedRAMP-POAM-Template.xlsm

PM-4 PLAN OF ACTION AND MILESTONES PROCESS
The organization:
a. Implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems:

  1. Are developed and maintained;
  2. Document the remedial information security actions to adequately respond to risk to organizational operations and assets, individuals, other organizations, and the Nation; and
  3. Are reported in accordance with OMB FISMA reporting requirements.

b. Reviews plans of action and milestones for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.
