CA-5 Plan of Action and Milestones

Description

The university identifies, accepts, mitigates, and responds to risks identified in the annual risk assessments with actionable plans and decisions.

For all weaknesses and deficiencies noted during the annual risk assessment of security controls, the information resource owner, or designee, shall develop a plan of action and milestones to document the unit’s planned remedial actions to reduce or eliminate known vulnerabilities to the information resource.