IAO-05
Plan of Action & Milestones (POA&M)
Description
Mechanisms exist to generate a Plan of Action and Milestones (POA&M), or similar risk register, to document planned remedial actions to correct weaknesses or deficiencies noted during the assessment of the security controls and to reduce or eliminate known vulnerabilities.
Control Question
Does the organization generate a Plan of Action and Milestones (POA&M), or similar risk register, to document planned remedial actions to correct weaknesses or deficiencies noted during the assessment of the security controls and to reduce or eliminate known vulnerabilities?
Control Metadata
Domain:
Information Assurance
Validation Cadence:
Annual
Evidence Request List:
E-RSK-03
Framework Mappings
This control maps to the following compliance frameworks:
MAS TRM
4.5.2
HKIA GL20
5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7
