Good Morning, I'm fairly new at my postion as an Information Security Officer (ISO) and I wanted to know how to prepare a letter to the Designated Aproving Authority (DAA) on the "Risk Assuptions" or " "Statement of Residual Risk". There are items on my Plan of Action and Milestone (POA&M) that the...