PM-4: Plan of Action and Milestones Process

Privacy Baseline: Yes

It is the responsibility of the Tarleton President/CEO, in coordination with the Tarleton Chief Information Security Officer (CISO), to implement a process for ensuring that plans of action and milestones for the security program and associated Tarleton information resources:
- Are developed and maintained,
- Document the remedial information security actions to adequately respond to risk to Tarleton operations and assets, individuals, other organizations, and
- Are reported in accordance with OMB FISMA reporting requirements, as applicable.
The Tarleton CIO, in coordination with the Tarleton CISO, shall review plans of action and milestones for consistency with the university risk management strategy and priorities for risk response actions.
- The plan of action and milestones will be included in the biennial Information Security Program Plan and included in reports as documented in Controls PL-1, Security Planning Policy and Procedures, and PM-1, Information Security Program Plan.

None. See any applicable internal procedures.