When are Plan of Action and Milestones (POAMs) done in the RMF process?

  • Added 28. 08. 2024

Comments • 12

  • @ConvoCourses  4 years ago +1

    Check out free courses @ convocourses.com

  • @uche2564 3 years ago +3

    Just want to say, man, your page has been a big help, greatly appreciated

  • @dennywood3469 2 years ago +1

    Class act. Thank you for offering to help our veterans!

  • @Youcanthandlethetruth99 1 year ago +1

    Where would the security control assessor find the recommended remediation fix for failed controls to support the POAM without running a scan?

    • @ConvoCourses  1 year ago

      SCA can find the remediation fixes or "expected results" in several places:
      - Vulnerability scan results usually have the solutions to the finding (Nessus calls it Plugin Output or Solution)
      - For operational issues, the expected result is what the organization states in the policy (frequency of scans, backup schedule, audit log reviews)
      - For policy and procedures, every industry has a certain standard and requirement of documents. One example is the government's FISMA, which states that all organizations should have a security policy and they should address every control.
      A great resource for expected results is NIST 800-53A

  • @Teesamp86 1 year ago

    If there is an immediate fix to findings, do you still have to create a POAM?

  • @OshunBabyKhalimaCrazy 3 years ago +1

    Where can I find that control list?

    • @TooLazyToFail 3 years ago +1

      Little late I know, but what you're looking for is NIST SP 800-53.

  • @medianetwork7972 3 years ago +1

    ☝️👍

  • @marandamarkwood6639 4 years ago +1

    Huh