Plan of Action and Milestones from NIST 800-171 Rev 3 framework

SAMMY UI is optimized for resolutions with a width 1024px and higher.

Access Control
Awareness and Training
- Literacy Training and Awareness
- Role-Based Training
Audit and Accountability
Configuration Management
Identification and Authentication
Incident Response
Maintenance
Media Protection
Personnel Security
- Personnel Screening
- Personnel Termination and Transfer
Physical Protection
Risk Assessment
Security Assessment and Monitoring
System and Communications Protection
System and Information Integrity
Planning
System and Services Acquisition
Supply Chain Risk Management

Plan of Action and Milestones

03.12.02: Plan of Action and Milestones

a. Develop a plan of action and milestones for the system:
     01. To document the planned remediation actions to correct weaknesses or deficiencies noted during security assessments and
     02. To reduce or eliminate known system vulnerabilities.
b. Update the existing plan of action and milestones based on the findings from:
     01. Security assessments,
     02. Audits or reviews, and
     03. Continuous monitoring activities.

Description

Plans of action and milestones (POAMs) are important documents in organizational security programs. Organizations use POAMs to describe how unsatisfied security requirements will be met and how planned mitigations will be implemented. Organizations can document system security plans and POAMs as separate or combined documents in any format. Federal agencies may consider system security plans and POAMs as inputs to risk-based decisions on whether to process, store, or transmit CUI on a system hosted by a nonfederal organization.