CMMC Practice Requirement:

Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.

CMMC Requirement Explanation:

Plans of action address how and when you plan to implement any absent CMMC practices and processes. You need to complete the items on your POA&M before attempting a formal CMMC assessment.

Example CMMC Implementation:

Create a plan of action and milestones (POA&M) document to list any unimplemented security requirements identified in security assessments. Your POA&M should include who is responsible for each item, specific steps necessary to implement the item, milestones to measure progress, and completion dates.

Scenario(s):

- Scenario 1:

Your company has undergone a security assessment/gap analysis in which it was determined that 10 security practices were not implemented. These practices were added to your POA&M and assigned responsible persons and completion dates.
 
