nerdexam
(ISC)2

CISSP · Question #440

What is the document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls?

The correct answer is C. Plan of Action and Milestones (POA&M). The document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls is the Plan of Action and Milestones (POA&M). A POA&M is a tool that helps to track and manage the remediation actions f

Submitted by klara.se· Mar 5, 2026Security Assessment and Testing

Question

What is the document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls?

Options

  • ABusiness Impact Analysis (BIA)
  • BSecurity Assessment Report (SAR)
  • CPlan of Action and Milestones (POA&M)
  • DSecurity Assessment Plan (SAP)

How the community answered

(29 responses)
  • A
    3% (1)
  • C
    93% (27)
  • D
    3% (1)

Explanation

The document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls is the Plan of Action and Milestones (POA&M). A POA&M is a tool that helps to track and manage the remediation actions for the identified weaknesses or gaps in the security controls. A POA&M typically includes the following elements: the description of the weakness, the source of the weakness, the risk level of the weakness, the proposed corrective action, the responsible party, the estimated completion date, and the status of the action. A POA&M can help to prioritize the remediation efforts, monitor the progress, and report the results.

Topics

#POA&M#security documentation#risk mitigation plan#security assessment follow-up

Community Discussion

No community discussion yet for this question.

Full CISSP Practice