From the course: NIST 800-53r5: Introduction to Security and Privacy Controls

POA&M

- Okay, so in lesson 2.9, we're going to talk about plan of action and milestones, or the POA&M. I kind of mentioned this before, but now this is the last lesson. We're getting to the last part of the lifecycle of a weakness, vulnerability, or security control: mapping it to an actual risk. So in this lesson, you'll learn about why we have POA&Ms. It seems kind of obvious, but we're going to explain that. You'll interpret the components, the different parts that we need for a POA&M, what makes sense. And then, you'll critique some POA&M entries. Here are the components of a plan of action and milestones. So you first need to document the weakness. Obviously, we need to say what it is, what we found. You need to allocate resources. This is why we're procuring a plan. You have to name a person or resource or role that is going to do something about it, that's going to be in charge of fixing it, that's going to be in charge of monitoring it, so that you don't just put a weakness out there with no idea who's going to fix…