ISC2 Governance, Risk and Compliance (CGRC) Practice Question
After security controls have been implemented and assessed, a risk analyst records the specific vulnerabilities that still exist, the remedial tasks to address them, the individuals responsible, and the target completion dates. Which formal RMF artifact is intended to capture this residual-risk information for an authorizing official's review?
The Plan of Action and Milestones (POA&M) is the RMF artifact specifically designed to document residual weaknesses that remain after controls are implemented. It lists each outstanding vulnerability, describes the planned corrective action, assigns responsibility, and provides scheduled completion dates so that progress can be tracked and risk decisions can be made. The Security Assessment Report summarizes assessment results but does not track future remediation work. The System Security Plan describes the control environment rather than residual issues. A risk register may log organizational risks broadly, but the RMF requires the POA&M for formal residual-risk reporting to the authorizing official.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the POA&M in the RMF process?
Open an interactive chat with Bash
How does the POA&M differ from the Security Assessment Report (SAR)?
Open an interactive chat with Bash
Why is assigning responsibility in the POA&M important?
Open an interactive chat with Bash
What is the role of a POA&M in the RMF process?
Open an interactive chat with Bash
How does a POA&M differ from a Security Assessment Report (SAR)?
Open an interactive chat with Bash
What kind of information is typically included in a POA&M?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
System Compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .