Navigate

CCI-000264

CCI-000264 Definition

Develop a plan of action and milestones for the system to document the planned remediation actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed will develop a security POA&M in accordance with DoDI 8510.01 Enclosure 6. POA&M templates are available on the Knowledge Service.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the security POA&M for compliance with DoDI 8510.01.

Compelling Evidence

1.) Signed and dated Security Plan of Action and Milestones document for compliance with DoDI 8510.01

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000264.

Control	Description
CA-5	The organization: a: Develops a plan of action and milestones for the information system to document the organization’s planned remedial actions to correct weaknesses or deficiencies noted during the assessment of the security controls and to reduce or eliminate known vulnerabilities in the system; and b: Updates existing plan of action and milestones [organization-defined frequency] based on the findings from security controls assessments, security impact analyses, and continuous monitoring activities.

Control

Description

CA-5

The organization:

a: Develops a plan of action and milestones for the information system to document the organization’s planned remedial actions to correct weaknesses or deficiencies noted during the assessment of the security controls and to reduce or eliminate known vulnerabilities in the system; and

b: Updates existing plan of action and milestones [organization-defined frequency] based on the findings from security controls assessments, security impact analyses, and continuous monitoring activities.