CAP · Question #206
In which of the following phases do the system security plan update and the Plan of Action and Milestones (POAM) update take place?
The correct answer is A. Continuous Monitoring Phase. Under frameworks such as NIST RMF and FISMA, the Continuous Monitoring Phase is where the system security plan and Plan of Action and Milestones (POAM) are regularly reviewed and updated. As vulnerabilities are found, controls change, or the system evolves, the security plan is r
Question
In which of the following phases do the system security plan update and the Plan of Action and Milestones (POAM) update take place?
Options
- AContinuous Monitoring Phase
- BAccreditation Phase
- CPreparation Phase
- DDITSCAP Phase
How the community answered
(24 responses)- A92% (22)
- C4% (1)
- D4% (1)
Explanation
Under frameworks such as NIST RMF and FISMA, the Continuous Monitoring Phase is where the system security plan and Plan of Action and Milestones (POAM) are regularly reviewed and updated. As vulnerabilities are found, controls change, or the system evolves, the security plan is revised and the POAM tracks remediation activities. The Accreditation Phase produces the initial authorization decision, and the Preparation Phase sets up documentation, but ongoing updates belong to Continuous Monitoring.
Topics
Community Discussion
No community discussion yet for this question.