Authorize Information System Phase 5
- Plan of Action and Milestone (POA&M)-Identifies vulnerability, resources, impact, recommendation and time needed to resolve identified vulnerabilities during the assessment Phase
- POAM’s are usually drafted by the C&A Analyst with support from System Owner
- Before a POA&M artifact is created the system owner usually reviews a draft of the SAR in order to accept findings or provide additional evidence in contest of fail controls
- Sample POA&M
SECURITY AUTHORIZATION PACKAGE
- After the POAM is created the Authorizing Official is presented with the Security authorizing Package
Full SA&A/C&A Package
|FIPS 199 |
Risk Assessment Report PTA PIA
System Security Plan
Contingency Plan Test
Security Control Baseline
error: Content is protected !!
Accessing this course requires a login. Please enter your credentials below!