CISSP · Question #440
What is the document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls?
The correct answer is C. Plan of Action and Milestones (POA&M). The document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls is the Plan of Action and Milestones (POA&M). A POA&M is a tool that helps to track and manage the remediation actions f
Question
What is the document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls?
Options
- ABusiness Impact Analysis (BIA)
- BSecurity Assessment Report (SAR)
- CPlan of Action and Milestones (POA&M)
- DSecurity Assessment Plan (SAP)
How the community answered
(29 responses)- A3% (1)
- C93% (27)
- D3% (1)
Explanation
The document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls is the Plan of Action and Milestones (POA&M). A POA&M is a tool that helps to track and manage the remediation actions for the identified weaknesses or gaps in the security controls. A POA&M typically includes the following elements: the description of the weakness, the source of the weakness, the risk level of the weakness, the proposed corrective action, the responsible party, the estimated completion date, and the status of the action. A POA&M can help to prioritize the remediation efforts, monitor the progress, and report the results.
Topics
Community Discussion
No community discussion yet for this question.