Navigate

CCI-000142

CCI-000142 Definition

The organization implements a process for ensuring that plans of action and milestones for the security program and the associated organizational information systems are maintained.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoDI 8510.01 and the Knowledge Service meet the DoD requirements to maintain a process for plans of action and milestones for the security program. DoD Components are automatically compliant with this CCI because they are covered by the DoD level policy, DoDI 8510.01 and the Knowledge Service.

Validation Procedures

Compelling Evidence

Automatically compliant per DoDI 8510.01.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000142.

Control	Description
PM-4	The organization: PM-4a.: Implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems: PM-4a.1.: Are developed and maintained; PM-4a.2.: Document the remedial information security actions to adequately respond to risk to organizational operations and assets, individuals, other organizations, and the Nation; and PM-4a.3.: Are reported in accordance with OMB FISMA reporting requirements. PM-4b.: Reviews plans of action and milestones for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.

Control

Description

PM-4

The organization:

PM-4a.: Implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems:
- PM-4a.1.: Are developed and maintained;
- PM-4a.2.: Document the remedial information security actions to adequately respond to risk to organizational operations and assets, individuals, other organizations, and the Nation; and
- PM-4a.3.: Are reported in accordance with OMB FISMA reporting requirements.

PM-4b.: Reviews plans of action and milestones for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.