CA-5: Plan Of Action and Milestones

NIST Baseline:  Low 

Privacy Baseline:  Yes 

DIR Required By:  01/20/2023 

Review Date:  06/26/2024 

1. Develop a plan of action and milestones for the system to document the planned remediation actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system; and 

2. Update existing plan of action and milestones biennially (every other year) based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities. 

---

References/Additional Resources

None.  See any applicable internal procedures.