Authorize Information System Phase 5 Q2

  • Plan of Action and Milestones (POA&M): identifies the vulnerability, resources, impact, recommendation and time needed to resolve the vulnerabilities identified during the assessment phase
  • POA&Ms are usually drafted by the C&A Analyst with support from the System Owner
  • Before a POA&M artifact is created, the system owner usually reviews a draft of the SAR in order to accept findings or provide additional evidence to contest failed controls
  • Sample POA&M

SECURITY AUTHORIZATION PACKAGE

  • After the POA&M is created, the Authorizing Official is presented with the Security Authorization Package

Full SA&A/C&A Package

FIPS 199
Risk Assessment Report
PTA
PIA
E-authentication
SORN
System Security Plan
Configuration Management Plan
Contingency Plan
Contingency Plan Test
Security Control Baseline
Test Plan
ST&E
SAR
POA&M
ATO
