STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← All Controls

CA-5

Assessment, Authorization, and MonitoringRev 5organization

Plan of Action and Milestones

Baselines:LowModerateHighPrivacy

Control Statement

a. Develop a plan of action and milestones for the system to document the planned remediation actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system; and b. Update existing plan of action and milestones [Assignment: frequency] based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities.

Supplemental Guidance

Plans of action and milestones are useful for any type of organization to track planned remedial actions. Plans of action and milestones are required in authorization packages and subject to federal reporting requirements established by OMB.

Related Controls (7)

CA-2CA-7PM-4PM-9RA-7SI-2SI-12

CCI Identifiers (3)

CCI-000264Develop a plan of action and milestones for the system to document the planned remediation actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system.CCI-000265Defines the frequency with which to update the existing plan of action and milestones for the system.CCI-000266Update, on an organization-defined frequency, the existing plan of action and milestones based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities.

Linked STIG Checks (0)

No STIG checks reference this control.