CMMC 1.0 Practice CA.2.159 Requirement:
Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.
CMMC 1.0 CA.2.159 Requirement Explanation:
Plans of action address how and when you plan to implement any absent CMMC practices and processes. You need to complete the items on your POA&M before attempting a formal CMMC assessment.
Example CMMC 1.0 CA.2.159 Implementation:
Create a plan of action and milestones (POA&M) document to list any unimplemented security requirements identified in security assessments. Your POA&M should include who is responsible for each item, specific steps necessary to implement the item, milestones to measure progress, and completion dates.
CMMC 1.0 CA.2.159 Scenario(s):
- Scenario 1:
Your company has under gone a security assessment/gap analysis in which it was determined that 10 security practices were not implemented. These practices were added to your POA&M and assigned responsible persons and completion dates.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.