RMF POA&M Creation and Management (Hands-On Approach)

Views: 26,333

KamilSec

2 years ago

In this video we discuss the POA&M creation and management process. It builds on our previous video, "Nessus Vulnerability Scan Results Analysis"; if you have not seen that video, you may want to watch it first before continuing with this one. Please LIKE, SHARE, and SUBSCRIBE to help grow the channel.
Computer Security Resource Center
csrc.nist.gov/publications
The free way to help the channel grow is by subscribing using the link below:
kzfaq.info?su...
************Patreon & Channel Support******************
www.patreon.com/kamilSec?fan_...
*******Order your KamilSec (KS) Designs Merch:*********
kamilsec.creator-spring.com/
**************************************************************
CashApp: $Kamilzak
Zelle: kaamilzak@gmail.com
Paypal: paypal.me/MZakari
Thank You!!!
*************************************************************
**You can download the Raw Nessus Vulnerability Scan results, Admin response spreadsheet and POA&M template for your practice if need be from my Patreon Page, link below.**
www.patreon.com/kamilSec?fan_...
*I ALSO CONDUCT INDIVIDUALIZED RESUME AND INTERVIEW PREP SESSIONS*
Udemy Affiliate link:
track.flexlinkspro.com/g.ashx...
VeeFLY Referral Link:
veefly.com?referrer=318243
Connect with me on Social Media:
Twitter: / kamilzak_1​
Instagram: @Kamilzak1
E-Mail: Kaamilzak@gmail.com

Comments: 91
@stephenbrown2985 2 years ago
Kamil you and your household will forever be blessed for what you do even with your busy schedule.
@KamilSec 2 years ago
Thank you so much bro. I appreciate all the prayers and kind words!!!
@ALLISONFolks 9 months ago
I am watching this video for the second time, and I have gained so much knowledge again. I thank you so much; may God continue to bless you, sir.
@KamilSec 9 months ago
You are so welcome, Ameen!
@Oladitikomolafe 1 year ago
Kamil, God bless you!!!
@KamilSec 1 year ago
Ameen
@akoudousse4722 1 year ago
Great video, thank you
@KamilSec 1 year ago
Glad you enjoyed it
@florenceakintunde9752 2 years ago
Thank you for this excellent video, so detailed and well explained. More grease to your elbow.
@KamilSec 2 years ago
You are so welcome!
@absolute3112 1 year ago
Thank you brother... this was excellent
@KamilSec 1 year ago
Very welcome
@SuperWinning111 2 years ago
Another excellent video on POA&M. Can't get anything more precise and well articulated. Thank you for the work you do.
@SuperWinning111 2 years ago
I have a question. Where can I pick the control code like you did?
@KamilSec 2 years ago
My pleasure bro!
@KamilSec 2 years ago
All the control codes are in Appendix D of SP 800-53.
@lonjay 2 years ago
Great video, hopefully when I get a job, I could place your video side by side because they are very detailed. This is really hands on the job training.
@megatron98 2 years ago
Great video, thanks!
@mohamedsesay9865 1 year ago
I have been learning from your videos. You have great content!
@KamilSec 1 year ago
I appreciate that, thanks!
@opeolutola1532 1 year ago
God bless you for this great job
@KamilSec 1 year ago
Thanks Man!
@medianetwork7972 2 years ago
Thanks Kamil… great post as usual 👍
@KamilSec 2 years ago
Glad you enjoyed it!
@lawrenceaikins9845 2 years ago
Thank you Kamil
@KamilSec 2 years ago
You’re very welcome Lawrence!
@christianihendu7438 2 years ago
Thank you for the video. It was helpful. Thank you
@KamilSec 2 years ago
You are welcome!
@mcbelescony8642 1 year ago
Excellent post
@KamilSec 1 year ago
Thanks for watching, I hope you will help share the videos to promote the channel!
@samueltoler3240 2 years ago
Excellent presentation.
@KamilSec 2 years ago
Thank you kindly!
@toluomoba4223 2 years ago
Good video 👍🏿
@spdadon15 2 years ago
Great video boss !!
@KamilSec 2 years ago
Thanks!
@spdadon15 2 years ago
Looking for a Splunk configuration video, hope you do one one day
@opoku-agyemangisaac336 2 years ago
Zakari!! you too much
@jleaven2707 2 years ago
Hi. At my workplace, one big change we have to do in the POA&M is the mitigation column, in which we have to explain what we currently have in place in our environment while we work on remediation of the vulnerability. The mitigation has to be specific to the vulnerability.
@KamilSec 2 years ago
Cool, I guess this is a result of the nature of your system. It could be that your system is public/internet facing or not behind any firewall or bastion host.
@steveayodele5387 4 months ago
Great hands-on tutorial, keep it up. Please, will it be possible to get the Excel template of the POA&M?
@KamilSec 3 months ago
You can get access to the spreadsheet from my Patreon page
@bradonchenue4801 2 years ago
Good morning sir
@KamilSec 2 years ago
Good morning Bradon
@kafagodwill9185 1 year ago
Thanks very much. Please, do you have a video on POA&M with security controls, since this one was with the Nessus scan vulnerabilities?
@KamilSec 1 year ago
Sorry, I do not.
@zbeauty9975 2 years ago
Great video! Can you do a video about CSAM?
@KamilSec 2 years ago
ZBeauty, unfortunately I cannot do a video on CSAM; there is no community version of the tool, and hence I cannot use the government one for a KZfaq tutorial.
@wilfrednkondock4918 11 months ago
Can't see the previous video about the Nessus vulnerability scan result analysis
@KamilSec 11 months ago
See the link below for the Nessus Vulnerability Scan Analysis Video: kzfaq.info/get/bejne/orR4kpegmr63nHk.htmlsi=okbFctPiKRgOX1_t
@Techdeeni 1 year ago
Thanks for taking the time to explain this often tedious process. I do have a question. What if the plug-ins are updated for the next scan? Will the old plug-ins still show up when you do a search if it hasn't been remediated yet?
@KamilSec 1 year ago
The plugins will be the same for a vulnerability; they never change unless the vulnerability is fixed, and then it won't show up in the next scan.
@Techdeeni 1 year ago
@KamilSec Thank you Sir!
@jleaven2707 2 years ago
Also our security manager instructed us that our last milestone date match the scheduled completion date. Does that vary by workplace?
@KamilSec 2 years ago
Yes, that varies from workplace to workplace. However, having the last milestone completion date the same as the POA&M scheduled completion date risks an overdue POA&M. This is because, if evidence of completion of the last milestone needs to be reviewed and approved before the POA&M is submitted for closure, that can be a stretch on the same date.
@cu9747 10 months ago
Which roles would do these kinds of tasks, such as creating POA&Ms, SSPs, etc.?
@KamilSec 10 months ago
IT Security Analyst, ISSO, POA&M Manager, Alternate ISSO....
@joycefynn8496 2 years ago
Thank you so much, you are awesome! I have a question! I have an interview scheduled for next week! What type of technical questions do you think will come up? I already had the first interview and it was on the RMF process, and they have scheduled a second one for technical! I'm so nervous!
@KamilSec 2 years ago
That's a tough call; however, based on the JD you can deduce where their minds are. Nonetheless, make sure you know your OSI model and TCP/IP model, security protocols and common ports, vulnerability management, and so on... Good luck!
@joycefynn8496 2 years ago
@KamilSec Thank you so much!
@oliviangwa3473 1 year ago
I am a new ISSO and would like to understand the contents of the Authorization Package and how these contents are made. In the POA&M, under the Planned Milestone column, where does the ISSO get all the remediations to point them out under the planned milestone column?? Thank you 🙏🏽
@KamilSec 1 year ago
Contents of the Authorization Package are the SSP, SAR, POA&M and ATO Memo. Watch this video for more: kzfaq.info/get/bejne/l8qoobGE2arXm3U.html The remediation milestones for the technical controls mostly come from the system admins.
@oliviangwa3473 1 year ago
Thank you, Sir, this is so helpful. Quick question 🙋‍♀️: what if you read the description of the vulnerability and can't determine the exact control? Is there another way to determine the exact control???
@KamilSec 1 year ago
Unfortunately, that comes with experience working with these controls.
@Zanein1 2 years ago
I'm a new ISSO, so for the planned milestones how would I know what to put, or is there some type of reference I can go off of?
@KamilSec 2 years ago
Prate, for the planned milestones you really have to coordinate with the people who are actually going to do the remediations (admins) to get the timeframe in which they think they can complete the remediation.
@Zanein1 2 years ago
@KamilSec thank you 🙏🏾
@shivendumenon878 11 months ago
Would a format for POA&M ID 220001 be used (22 being the year and 0001 being its ID), so any new vulnerability can be added based on the year? And would 9999 POA&M IDs be sufficient units to be in the POA&M per year?
@KamilSec 11 months ago
Yes, that works. However, whichever way the organization decides on is fine.
@shivendumenon878 11 months ago
@KamilSec Understood! Thank you. I've been following your content for a few weeks and I must say it's brilliant the way you explain. It brings more interest to learn.
@christianihendu7438 2 years ago
I thought it is highly recommended that we remediate critical vulnerabilities in 15 days, high vulnerabilities in 30 days, moderate vulnerabilities in 60 days, and low vulnerabilities in 90 days. If the above is true and the information system's overall watermark is Moderate: 1) What scheduled completion date will be assigned to a critical vulnerability even if the POC said it will take 3 months to remediate? 2) Are we going to base our timeframe on the POC's suggested timeframe? 3) Do we take into consideration the overall watermark of the information system during our POA&M creation and remediation process? 4) What is the best approach to creating our scheduled completion date? I really appreciate your time and clarification. Thank you.
@KamilSec 2 years ago
Good questions, Christian. First of all, if the system teams have the resources to remediate within 15 or 30 days, they would have done that and we would not worry about creating the POA&M. But there are instances where, even if the agency is asking the team to fix a critical vulnerability within days, the system team simply cannot do that, for instance if the issue depends on a vendor releasing a patch that is not yet available. In that case a POA&M is created to track the remediation efforts until the vendor releases the patch. Hope that makes sense.
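The rules discussed in the replies above (the YYNNNN POA&M id scheme, severity-based remediation timeframes, and the caveat about the last milestone sharing the scheduled completion date) as one checkable record; this is an added example, not the channel's spreadsheet template, and the 15/30/60/90-day timeframes and all sample values are assumed/constructed:

```python
import re
from dataclasses import dataclass
from datetime import date, timedelta

# Remediation timeframes per severity, in days, taken from the question above
# (15/30/60/90). Agencies set their own; treat these as assumed values.
SLA_DAYS = {"critical": 15, "high": 30, "moderate": 60, "low": 90}

# POA&M id scheme from the thread: YYNNNN, e.g. 220001 = year 2022, sequence 1.
POAM_ID_RE = re.compile(r"(\d{2})(\d{4})")


def parse_poam_id(poam_id: str) -> tuple[int, int]:
    """Split a YYNNNN id into (year, sequence); reject malformed or zero ids."""
    m = POAM_ID_RE.fullmatch(poam_id)
    if m is None or int(m.group(2)) == 0:
        raise ValueError(f"malformed POA&M id: {poam_id!r}")
    return 2000 + int(m.group(1)), int(m.group(2))


def scheduled_completion(found: date, severity: str) -> date:
    """Completion date implied by the severity timeframe, counted from discovery."""
    return found + timedelta(days=SLA_DAYS[severity.lower()])


@dataclass
class Poam:
    poam_id: str            # e.g. "220001"
    severity: str           # critical / high / moderate / low
    control: str            # mapped SP 800-53 control, e.g. "SI-2"
    found: date             # date the scan reported the finding
    milestones: list[date]  # planned milestone dates agreed with the admins
    completion: date        # scheduled completion date recorded on the POA&M

    def review(self) -> dict:
        """Return the severity-based target date and the flags a reviewer would raise."""
        year, _seq = parse_poam_id(self.poam_id)
        target = scheduled_completion(self.found, self.severity)
        flags = []
        if year != self.found.year:
            flags.append("id year does not match the discovery year")
        if self.completion > target:
            # Allowed (e.g. waiting on a vendor patch) but needs a written justification.
            flags.append("scheduled completion exceeds the severity timeframe; justify it")
        if self.milestones and max(self.milestones) >= self.completion:
            # Leaves no time to review the last milestone's evidence before closure.
            flags.append("last milestone falls on/after the scheduled completion date")
        return {"target": target, "flags": flags}
```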
@jackieo7113 2 years ago
Hi - are you able to provide a link to the videos you advise we review prior to this? I'll also send an email request for the template to practice against - are you able to add that in the more section also?
@KamilSec 2 years ago
kzfaq.info/get/bejne/orR4kpegmr63nHk.html So, the Excel files are a bit large, and uploading them to an AWS S3 bucket and sharing the link here for easy download would incur a significant monthly bill, hence the need for people to request via e-mail.
@huyilanalana8393 1 year ago
@KamilSec can I get a copy of the Excel for practice? Thank you
@Teesamp86 1 year ago
I was expecting the control to be RA-5 SI-2
@KamilSec 1 year ago
Yes, generally you can refer to RA-5 (Vulnerability Scan) or SI-2 (Flaw Remediation); however, if the finding involves, say, configuration or cryptographic issues, you can refer to the CM-6 or SC-13 controls respectively.
@jvicks_hair 1 year ago
What do you do when you are not sure about the name of the control to be remediated?
@KamilSec 1 year ago
Good question; you can also refer to some old POA&Ms with the same or similar findings to get an idea.
@bradonchenue4801 1 year ago
Who does the scan analysis?
@KamilSec 1 year ago
IT Security Analyst or the ISSO
@sylviaboateng1411 2 years ago
Hello, how can I reach out please?
@KamilSec 2 years ago
kaamilzak@gmail.com
@joseskobena6250 1 year ago
Chaii! Excellent video bro, God bless you and increase your knowledge. If you don't mind, how can I contact you? I need you to be my mentor in this field. Thank you
@KamilSec 1 year ago
kaamilzak@gmail.com
@joseskobena6250 1 year ago
@KamilSec Thank you for your response bro.
@joseskobena6250 1 year ago
Hello bro, I have contacted you several times but got no response. Please try and make some time for me, lol, thank you.
@fatiadams4184 2 years ago
Thank you Kamil
@KamilSec 2 years ago
You're welcome Fati. Trust you are doing well?