← Cybersecurity Alphabet Soup

POA&M

Plan of Action and Milestones

governancehard

A formal document that tracks known security weaknesses, the resources needed to fix them, and the scheduled milestones for remediation. It is a required artifact in federal security programs like FISMA and FedRAMP, where it shows authorizing officials that residual risks are being managed. In plain terms, it is the government's official to-do list for security gaps.

Sources

More in governance