I'm fairly new at my postion as an Information Security Officer (ISO) and I wanted to know how to prepare a letter to the Designated Aproving Authority (DAA) on the "Risk Assuptions" or " "Statement of Residual Risk". There are items on my Plan of Action and Milestone (POA&M) that the controls are inherited. Please help.
October 24, 2011 1:20 PM
October 24, 2011 1:57 PM