CMMC 2.0 • LEVEL 2 • SECURITY ASSESSMENT

CA.L2-3.12.2Plan of Action and Milestones

Develop a plan of action and milestones for the system: To document the planned remediation actions to correct weaknesses or deficiencies noted during security assessments and To reduce or eliminate known system vulnerabilities. Update the existing plan of action and milestones based on the findings from: Security assessments, Audits or reviews, and Continuous monitoring activities.

NIST 800-171 Mapping

NIST 800-53 Controls

CA-2

Assessment Objectives

  • a plan of action and milestones for the system is developed to document the planned remediation actions for correcting weaknesses or deficiencies noted during security assessments.
  • a plan of action and milestones for the system is developed to reduce or eliminate known system vulnerabilities.
  • the existing plan of action and milestones is updated based on the findings from security assessments.
  • the existing plan of action and milestones is updated based on the findings from continuous monitoring activities.
  • the existing plan of action and milestones is updated based on the findings from audits or reviews.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

CA.L2-3.12.1 Security Assessment CA.L2-3.12.3 Continuous Monitoring CA.L2-3.12.4 Develop, Document, and Periodically Update System Security Plans