NIST 800-53 REV 5 • ASSESSMENT, AUTHORIZATION, AND MONITORING

CA-5(1)Automation Support for Accuracy and Currency

Ensure the accuracy, currency, and availability of the plan of action and milestones for the system using {{ insert: param, ca-05.01_odp }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Using automated tools helps maintain the accuracy, currency, and availability of the plan of action and milestones and facilitates the coordination and sharing of security and privacy information throughout the organization. Such coordination and information sharing help to identify systemic weaknesses or deficiencies in organizational systems and ensure that appropriate resources are directed at the most critical system vulnerabilities in a timely manner.

Practitioner Notes

This enhancement requires automated tools to keep your POA&M accurate and current rather than relying on manual spreadsheet updates that quickly go stale.

Example 1: Integrate your Tenable.io vulnerability scanner with your GRC platform so that when a vulnerability is remediated, the corresponding POA&M entry automatically updates.

Example 2: Use Jira or ServiceNow to track POA&M items with automated notifications that alert owners when milestones are approaching or overdue.

More Assessment, Authorization, and Monitoring Controls

CA-1 Policy and Procedures CA-2 Control Assessments CA-2(1) Independent Assessors CA-2(2) Specialized Assessments