Respond to the following in a minimum of 175 words:
A plan of action and milestones (POA&M) is a living, historical document that identifies tasks that need to be created to remediate security vulnerabilities. The goal of a POA&M should be to reduce the risk of the vulnerability identified.
Describe some of the common challenges with developing and maintaining a POA&M from the standpoint of a CISO versus a CIO.