ISC2 Governance, Risk and Compliance (CGRC) Practice Question
While performing continuous monitoring, you identify several medium-severity vulnerabilities that management decides to remediate during the next budget cycle. To satisfy ongoing compliance requirements and prepare for future audits, where should you formally document the required corrective actions, resources, and target completion dates?
In a Plan of Action and Milestones (POA&M) document
On the system's approved configuration baseline checklist
In the System Security Plan (SSP)
In the minutes from the most recent Change Control Board meeting
A Plan of Action and Milestones (POA&M) is the authoritative record for tracking security weaknesses that cannot be immediately resolved. It lists each finding, the planned remediation tasks, responsible parties, required resources, and scheduled completion dates, allowing assessors to confirm that risks are being managed over time. A System Security Plan (SSP) describes the system and its implemented controls but is not intended for tracking future corrective actions. Change Control Board minutes capture approval decisions, not detailed remediation schedules. A configuration baseline checklist records approved system settings but does not track outstanding vulnerabilities or milestone dates.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Plan of Action and Milestones (POA&M)?
Open an interactive chat with Bash
How does a POA&M differ from a System Security Plan (SSP)?
Open an interactive chat with Bash
Why is continuous monitoring important in governance, risk, and compliance?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
Compliance Maintenance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .