C-PAT™ is an API and web client currently being developed through Naval Surface Warfare Center Crane Division that aims to automate vulnerability documentation and tracking. C-PAT™ is, and will continue to be architected with emphasis towards interoperability with other RMF Tools. C-PAT™ is designed to to run as a standalone tool that can be used to document and track vulnerabilities, or it can be integrated with STIG Manager to provide a more comprehensive solution for oversight throughout the RMF process.
NIST defines a POAM as "a document for a system that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meetings the tasks, and scheduled completion dates for the milestones".
The POAM document is an output of the "Assess" step of the Risk Management Framework.
