X hits on this document

Powerpoint document

HHS Cybersecurity Program Training Information Security for Information Technology (IT) Administrato... - page 108 / 158

416 views

0 shares

0 downloads

0 comments

108 / 158

U.S. Department of Health and Human Services

Before any system is made operational, it must be authorized by agency management to formally accept responsibility for the risks identified. A POA&M is developed as part of the security authorization process to address weaknesses reported in risk assessments and security testing for organizational systems.

HHS uses a system to manage POA&Ms. A POA&M generally identifies a System Owner (who could be the CIO or Hospital Director, for example) as the responsible point of contact. How much IT Administrators assist with the POA&M depends on what your ISO needs. IT Administrators generally have responsibility to fix or mitigate findings that are in the technical realm.

Page 9 of 9

System Security Documentation

POA&M

Document info
Document views416
Page views416
Page last viewedWed Dec 07 22:53:22 UTC 2016
Pages158
Paragraphs2058
Words16945

Comments