I'm fairly new at my position as an Information Security Officer (ISO) and I wanted to know how to prepare a letter to the Designated Approving Authority (DAA) on the "Risk Assumptions" or "Statement of Residual Risk". There are items on my Plan of Action and Milestone (POA&M) for which the controls are inherited. Please help.