ISC2 Governance, Risk and Compliance (CGRC) Practice Question
While reviewing documentation for an annual information system audit, you must confirm that all known security weaknesses have owners, interim mitigation steps, and scheduled completion dates. Which document will most directly provide this information?
A Plan of Action and Milestones (POA&M) is specifically designed to track identified security or privacy weaknesses, assign responsibility for their resolution, document interim risk-mitigation measures, and record the target dates for completing corrective actions. A risk assessment report identifies threats and vulnerabilities but does not necessarily list remediation owners or milestones. A configuration management plan describes processes for controlling system changes, and a continuous monitoring strategy outlines how controls will be observed over time; neither provides the detailed remediation schedule that auditors need when validating weakness tracking.