CCI-000266

Update, on an organization-defined frequency, the existing plan of action and milestones based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities.

Implementation Guidance

Determine if existing plan of action and milestones are updated [CA-05_ODP; the frequency at which to update an existing plan of action and milestones based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities is defined] based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities.

Validation Procedures

Examine: [SELECT FROM: Assessment, authorization, and monitoring policy; procedures addressing plan of action and milestones; control assessment plan; control assessment report; control assessment evidence; plan of action and milestones; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with plan of action and milestones development and implementation responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Mechanisms for developing, implementing, and maintaining plan of action and milestones].

The controls below (if any) were marked by NIST as being related to CCI-000266.