NIST SP 800-171 & CMMC 2.0 3.12.2 Requirement:
Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.
NIST SP 800-171 & CMMC 2.0 3.12.2 Requirement Explanation:
The plan of action is a key document in the information security program. Organizations develop plans of action that describe how any unimplemented security requirements will be met and how any planned mitigations will be implemented.
Example NIST SP 800-171 & CMMC 2.0 3.12.2 Implementation:
Create a plan of action and milestones (POA&M) document to list any unimplemented security requirements identified in security assessments. Your POA&M should include who is responsible for each item, specific steps necessary to implement the item, milestones to measure progress, and completion dates.
NIST SP 800-171 & CMMC 2.0 3.12.2 Scenario(s):
- Scenario 1:
Your company has under gone a security assessment/gap analysis in which it was determined that 10 security practices were not implemented. These practices were added to your POA&M and assigned to members of the IT team for remediation.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.