nerdexam
(ISC)2

CAP · Question #206

In which of the following phases do the system security plan update and the Plan of Action and Milestones (POAM) update take place?

The correct answer is A. Continuous Monitoring Phase. Under frameworks such as NIST RMF and FISMA, the Continuous Monitoring Phase is where the system security plan and Plan of Action and Milestones (POAM) are regularly reviewed and updated. As vulnerabilities are found, controls change, or the system evolves, the security plan is r

Compliance Maintenance

Question

In which of the following phases do the system security plan update and the Plan of Action and Milestones (POAM) update take place?

Options

  • AContinuous Monitoring Phase
  • BAccreditation Phase
  • CPreparation Phase
  • DDITSCAP Phase

How the community answered

(24 responses)
  • A
    92% (22)
  • C
    4% (1)
  • D
    4% (1)

Explanation

Under frameworks such as NIST RMF and FISMA, the Continuous Monitoring Phase is where the system security plan and Plan of Action and Milestones (POAM) are regularly reviewed and updated. As vulnerabilities are found, controls change, or the system evolves, the security plan is revised and the POAM tracks remediation activities. The Accreditation Phase produces the initial authorization decision, and the Preparation Phase sets up documentation, but ongoing updates belong to Continuous Monitoring.

Topics

#Continuous Monitoring#System Security Plan (SSP)#Plan of Action and Milestones (POAM)#Risk Management Framework (RMF) phases

Community Discussion

No community discussion yet for this question.

Full CAP Practice