800-53|PM-4

Title

PLAN OF ACTION AND MILESTONES PROCESS

Description

The organization:

Supplemental

The plan of action and milestones is a key document in the information security program and is subject to federal reporting requirements established by OMB. With the increasing emphasis on organization-wide risk management across all three tiers in the risk management hierarchy (i.e., organization, mission/business process, and information system), organizations view plans of action and milestones from an organizational perspective, prioritizing risk response actions and ensuring consistency with the goals and objectives of the organization. Plan of action and milestones updates are based on findings from security control assessments and continuous monitoring activities. OMB FISMA reporting guidance contains instructions regarding organizational plans of action and milestones.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: CA-5

Category: PROGRAM MANAGEMENT

Family: PROGRAM MANAGEMENT

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
Building Threat Protection Layers	amazon_aws	Tenable AWS Best Practice Audit
Conclusion	amazon_aws	Tenable AWS Best Practice Audit
Using Additional Application Security Practices	amazon_aws	Tenable AWS Best Practice Audit

Detections

Analytics