ISC2 Governance, Risk and Compliance (CGRC) Practice Question
During the meeting to review the initial audit report, you and the system stakeholders agree on what action will be taken for each identified risk, who is accountable, what resources are needed, and the intended completion date. Which artifact should you collaboratively create to formally capture and track this information?
The Plan of Action and Milestones (POA&M) is the RMF-mandated document for recording each corrective action that results from an assessment or audit, assigning an owner, identifying required resources, and setting target completion dates. Although a risk register records risks and may note high-level treatment strategies, the POA&M is the authoritative tool used to manage the detailed remediation tasks for audit findings. A system security plan describes existing or planned controls, and a continuous monitoring strategy defines how controls will be assessed over time; neither serves to track specific post-audit corrective actions.
Assessment/Audit of Security and Privacy Controls