X hits on this document

Powerpoint document

HHS Cybersecurity Program Training Information Security for Information Technology (IT) Administrato... - page 32 / 158

350 views

0 shares

0 downloads

0 comments

32 / 158

U.S. Department of Health and Human Services

A significant deficiency is defined as a weakness in HHS’s overall information system security program, such as a finding from an IT security risk assessment, a vulnerability found during security control assessment activities within the security authorization, or a weakness discovered during an independent review.

The POA&M report tracks the number of weaknesses identified at the start of the quarter, the number for which action was completed, the number in which action has been delayed along with a brief explanation, and the number of new weaknesses and how they were identified. It is important to accurately track the weaknesses reported in the POA&M. When there is a change in status of the weaknesses, that change must be reflected in the next POA&M quarterly update. The POA&M identifies who is responsible for mitigating the weakness as well as milestone dates for completion.

Page 3 of 5

HHS Policy Significant Deficiency

Document info
Document views350
Page views350
Page last viewedSat Dec 03 18:14:16 UTC 2016
Pages158
Paragraphs2058
Words16945

Comments