Week 6 Homework 1.  Name 4 of the typical content/elements of a…

Week 6 Homework
1.  Name 4 of the typical content/elements of a POA&M
 
2.  Name the IT security officer that typically creates POA&M
 
3.  Name 2 of the POA&M tracking tools
 
4.  Which POAM tool is currently used by DHS and which is used by most federal agencies?
 
5.  POA&Ms are generally created and inputted into the POA&M tracking system within how
many days of the identification of a weakness?
 
6.  State the first and the last steps in the POA&M process
 
7.  Name the POA&M report that shows the number of POA&M delays
 
8.  Which POA&M report shows the number of weaknesses that are scheduled for completion
such as within the next 30, 60, 90, and 180 day windows?
 
9.  Name one medium through which policies are typically made available to employees
 
10.  Which of the policy or procedure document is entity-wide and published at the enterprise or
higher level of the organization?
 
11.  What is SOP and is it another name for policy or procedure level document?
 
12.  What NIST document are IT security policy and procedures created from?
 
13.  How often are IT security policies and procedures typically required to be updated, 
14.  IT Security procedures are typically updated by whom and who reviews the update? 
 
15.  Which of the IT security policy or procedure:
 
(a)    needs to cover all the NIST 800-53 control families, and 
(b)   which of the two needs to address all the controls in each family?
 
16.  Name 2 of the audits conducted at a federal agencies
 
17.  What is the full meaning/name for NFR with respect to audit?
 
18.  What does CAP mean, and is it similar of different than POA&M?
 
19.  As an audit liaison officer, what action typically needs to be taken if the folks that are
supposed to provide items requested by auditors do not provide them by the due date?