Doc:NIST SP 800-53r3 Appendix F/PM-4
PM-4 PLAN OF ACTION AND MILESTONES PROCESS
- Control: The organization implements a process for ensuring that plans of action and milestones for the security program and the associated organizational information systems are maintained and document the remedial information security actions to mitigate risk to organizational operations and assets, individuals, other organizations, and the Nation.
- Supplemental Guidance: The plan of action and milestones is a key document in the information security program and is subject to federal reporting requirements established by OMB. The plan of action and milestones updates are based on the findings from security control assessments, security impact analyses, and continuous monitoring activities. OMB FISMA reporting guidance contains instructions regarding organizational plans of action and milestones. Related control: CA-5.
- Control Enhancements: None.
- References: OMB Memorandum 02-01; NIST Special Publication 800-37.