ISC2 Governance, Risk and Compliance (CGRC) Practice Question
Your assessment team has documented residual vulnerabilities after a security control assessment. To comply with RMF step 5, you begin drafting the POA&M. Which information must the POA&M include so that authorizing officials can track reduction of residual risk over time?
Detailed network topology diagrams for all system enclaves
A cross-reference matrix mapping implemented controls to every NIST control family
Scheduled remediation milestones and target completion dates for each identified weakness
A list of assessment tools and test scripts used during penetration testing
A Plan of Action and Milestones (POA&M) is intended to manage outstanding weaknesses by laying out the remedial actions that will bring residual risk to an acceptable level. Core elements therefore include the milestones and target completion dates for each weakness, along with the resources and responsible parties. Without scheduled dates, an authorizing official cannot judge whether risk will be reduced within an acceptable time frame. Control-to-family cross-references, network diagrams, and lists of testing tools may be useful elsewhere in the authorization package but they are not required components of the POA&M itself and do not, by themselves, let management monitor progress toward risk reduction.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is RMF step 5 in the context of security assessments?
Open an interactive chat with Bash
What does residual risk mean, and why is it important in risk management?
Open an interactive chat with Bash
What key elements should be included in a POA&M to track risk reduction effectively?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
System Compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .