The list of POA&M Tools and Services is captured in the Technology Subway Stop and reproduced in the SSP System Details section (1.3.1).
The POA&M Tools and Services section identifies items that have been selected for the organization but have not yet been fully acquired, installed or implemented.
Impact, Effort, and Cost ratings in combination with due date goals allow management to plan for the implementation of many detailed compliance and cybersecurity actions. With these ratings, lists of actions can be prioritized and filtered in the Project Builder, which is part of the "Your FutureFeed" subway stop.
Overall Rating - The average of the Impact, Effort and Cost ratings.
Impact Rating - The presumed impact of the item on the overall security posture or compliance of the organization. Some organizations will include productivity and profitability evaluations of impact when using this rating.
Effort Rating - The estimate of relative effort that it will take to implement this item in terms of internal team resources.
Cost Rating - The relative estimate of cost to implement this tool or service. The Dollar Scale is defined in the Company Profile.
Due Date - Use this quarterly date to set implementation goals.
Please sign in to leave a comment.