POAM

POAM vs Implementation Statement

September 12, 2021 by Bruce Brown Leave a Comment

Many more videos on https://www.youtube.com/convocoursesshort videos at https://www.tiktok.com/@convocourses?lang=enand https://www.instagram.com/convocourseqs/https://www.facebook.com/ConvoCourses-108091850619388Podcast version of the content:https://podcasts.apple.com/us/podcast/convocourses/id1500188278 http://www.nist80037rmf.com/google_podcast

ConvoCourses Podcast: POA&M Risk responses Resumes

May 27, 2021 by Bruce Brown Leave a Comment

Sign up for free at http://convocourses.com for deeper dives.

Many more videos on https://www.youtube.com/convocourses

short videos at https://www.tiktok.com/@convocourses?lang=en

and https://www.instagram.com/convocourses/

https://www.facebook.com/ConvoCourses-108091850619388

Podcast version of the content:

https://podcasts.apple.com/us/podcast/convocourses/id1500188278

http://www.nist80037rmf.com/google_podcast

POAM (an overview) Part 1

April 23, 2019 by Leave a Comment

Check out the courses at: https://securitycompliance.thinkific.com

Here is the POAM template I was looking at:
https://www.fedramp.gov/developing-a-plan-of-actions-milestones/
https://www.fedramp.gov/assets/resources/templates/FedRAMP-POAM-Template.xlsm

PM-4 PLAN OF ACTION AND MILESTONES PROCESS
The organization:
a. Implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems:

1. Are developed and maintained;

2. Document the remedial information security actions to adequately respond to risk to organizational operations and assets, individuals, other organizations, and the Nation; and

3. Are reported in accordance with OMB FISMA reporting requirements.

b. Reviews plans of action and milestones for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.