Security Requirements for 03.12.02 Plan of Action and Milestones

Plans of action and milestones (POAMs) are important documents in organizational security programs. Organizations use POAMs to describe how unsatisfied security requirements will be met and how planned mitigations will be implemented. Organizations can document system security plans and POAMs as separate or combined documents in any format. Federal agencies may consider system security plans and POAMs as inputs to risk-based decisions on whether to process, store, or transmit CUI on a system hosted by a nonfederal organization.

  1. 03.12.02.a

    Develop a plan of action and milestones for the system:

  2. 03.12.02.a.01

    To document the planned remediation actions to correct weaknesses or deficiencies noted during security assessments and

  3. 03.12.02.a.02

    To reduce or eliminate known system vulnerabilities.

  1. 03.12.02.b

    Update the existing plan of action and milestones based on the findings from:

  2. 03.12.02.b.01

    Security assessments,

  3. 03.12.02.b.02

    Audits or reviews, and

  4. 03.12.02.b.03

    Continuous monitoring activities.