Convocourses Podcast: Plan of Action and Milestone (POAM content)

convocourses.com
Join Our Community

Convocourses Podcast: Plan of Action and Milestone (POAM content)

https://www.podbean.com/media/share/pb-5h8zk-13977b7

To download the POAM in this podcast go to convocourses.com

 

A Plan of Action and Milestones (POA&M) is a document that identifies tasks needing to be accomplished to remediate or mitigate risks to a system. It is a requirement under NIST 800-53, which is a guideline for federal agencies and contractors to follow when managing their information security programs. A NIST 800 POA&M, therefore, is a POA&M that is developed in compliance with NIST 800-53 standards.

The NIST 800 POA&M details the resources required to accomplish the elements of the plan, any milestones for meeting the tasks, and scheduled milestone completion dates [1]. The document is continuously updated as progress is made towards remediation, making it a living, dynamic document [2]. The POA&M is a critical tool for anyone responsible for tracking and reporting compliance issues or risks identified for a system [3].

NIST 800-53r5 recommends the use of security automation software to support the POA&M process. This software can help with tracking POA&M items and milestones, and integrate with ticketing systems for streamlined management of remediation activities [2].

 

 

 

Leave a Comment

Your email address will not be published. Required fields are marked *

Join the ConvoCourses Community for insights, offers, and exclusive learning updates!

Join the ConvoCourses Community

Shop GRC, Cyber, and IT books, audio, and merch!

Shop Now

Create your personalized GRC RoadMap and take control of your learning and career growth.

Start TODAY!

Check out Bruce’s Cyber GRC books on Amazon and elevate your governance, risk, and compliance skills.

Shop Now
Scroll to Top