The POA&M Anatomy breaks the POA&M down by source or "feed" and completion status. FutureFeed is so named because it compiles the feeds from different types of actions identified for the organization. The current list of Feeds is:
- Compliance Actions - These actions include actions generated by Potential Assessment Considerations questions (formerly called "Outcomes"). When you say "no" to a question in the assessment the corresponding action appears here.
- Objectives - Actions that are associated with Control Objectives. These actions are optionally created when reviewing whether all of a control's objectives have been met.
- Inventory Actions - These are items that the organization needs to buy or build. They range from hardware and software to policies and other documentation.
- EOL (End-of-Life)Actions - EOL items on the network are cybersecurity problems in waiting. When a support contract expires or an item is not longer supported by its maker, the protections may no longer be updated while the threats continue to evolve. These actions mitigate the vulnerability or work to retire the item.
- New Ideas - Compliance actions compete for resources with ideas that drive innovation and productivity. For visibility when deciding what to resource and when, New Ideas can be added at any time to FutureFeed through the New Idea icon at the top of the platform.
Use the report to focus conversations as needed. For example, if looking at ideas for IT for the coming year, focus on the New Ideas table. To meet basic objectives for each control, focus on the Compliance Actions and Objectives.
The tables below the chart show the data that drives the pages. Pending Actions appear at the top of each table (Priority Flagged actions at the very top) and Completed Actions at the bottom.