ISC2 Governance, Risk and Compliance (CGRC) Practice Question
While compiling the authorization package, you must develop the Plan of Action and Milestones (POA&M) for control weaknesses noted in the Security Assessment Report. Which information is mandatory to include in the POA&M so the authorizing official can evaluate remediation efforts?
A matrix that maps implemented controls to the applicable NIST SP 800-53 control families.
The continuous monitoring strategy and the frequency of future assessment activities.
For each control weakness, the planned corrective action, responsible party, required resources, and scheduled completion date.
The authorizing official's signed memorandum accepting current residual risks.
A POA&M is a management tool that lists each control weakness discovered during assessment and documents how and when the weakness will be resolved. For every deficiency, the POA&M must state the specific corrective action, identify the party responsible, enumerate any resources or budget required, and provide a target completion date or milestone. This level of detail lets the authorizing official judge both the realism of the remediation strategy and the residual risk during the authorization decision. Merely mapping controls, describing monitoring frequency, or attaching a signed risk acceptance letter does not supply the actionable remediation schedule that characterizes a POA&M.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of a POA&M?
Open an interactive chat with Bash
What kind of information is mandatory in a POA&M?
Open an interactive chat with Bash
How does the POA&M impact the authorization decision?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
System Compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .