|
|
|
Forum Newbie
Group: Forum Members
Last Login: 5/13/2010 9:34:54 AM
Posts: 9,
Visits: 33
|
|
| Recommend DIACAP toolset provide a prompt asking the use if they would like to automatically populate the POA&M based on the information provided in the DIP or Scorecard. The toolset could ask, "Would you like to add the "Planned" control in the POA&M?". A positive response would move the control number and risk information right into the POA&M. The tool could then ask the uesr if they would like to provide amplifying information such as costs and milestones. The same concept could apply to non-compliant (NC) controls in the scorecard.
|
|
|
|
|
Junior Member
Group: Forum Members
Last Login: 11/14/2009 1:43:44 AM
Posts: 14,
Visits: 30
|
|
| You can already do that by answering YES to the POA&M Column on the Scorecard. The IA Control will be moved to the POA&M. We use this feature to answer all Not Compliants and N/A answers on the POA&M.
|
|
|
|
|
Junior Member
Group: Forum Members
Last Login: 2/5/2008 10:09:22 AM
Posts: 10,
Visits: 7
|
|
| Actually if you are asking this question, then you should go back to the ST&E complete it and as you complete an ST&E have a link that populates the Scorecard, POAM and DIP all at the same time. In reverse engineering as you mitigate the POAM and DIP updates to the Scorecard and ST&E are accomplished at the same time.
|
|
|
|
|
Junior Member
Group: Forum Members
Last Login: 2/5/2008 10:09:22 AM
Posts: 10,
Visits: 7
|
|
| Why are we adding N/A responses to the POAM, if the control is N/A then the comment in the scorecard should justify the control. Putting N/A controls in a POAM violated Federal Paperwork Reduction Act.
|
|
|
|
|
Supreme Being
Group: Administrators
Last Login: 8/24/2010 8:37:01 PM
Posts: 292,
Visits: 690
|
|
| While I don't disagree, some serivec that we have worked with actually want anytning that is not Compliant in the POA&M--don't agree with the concept, but that's what they require
|
|
|
|