Guidance Documentation for Risk Assessments & Management

 

Risk Aspects Control Form

In the image below the Risk Aspects Control form is shown:

12) On the Tab 1) the Control Id can be a Section Id, Control or Objective.

13) The control method implement or planned should be identified.

14) The requirements for the Control or Objective are implemented then use the control Implementation checkbox and enter the date implemented.

15) The verification is the objective evidence to prove the control is implemented.

16) The CMM score is relevant to the the NIST 800-171 DoD scoring method.

17) Tab 2) Implementation Comments and Notes should be used to record additional information about the control or control methods, (e.g., Plan of Action and Milestone (POAM) dates.

RA4Nist-800-171-AspectForm-AspectControls

 

18) Tab 2) Implementation Comments and Notes - add additional comments and use the Include Implementation Status Comments on Reports checkbox.

RA4Nist-800-171-AspectControlsformTab2)

 

Printing the Security Systems Plan (SSP) and Plan of Action Milestones (POAM)

Print an SSP and POAM

Published by ABCI Software Solutions | ABC ISO Consultants

Online & Onsite ISO Auditor and Awareness Training | ISO Certification Services | ISO Resources

Copyright © Access Business Communications, Inc.