Plan of Action and Milestones (POA&M) Management Playbook

Feel like you are herding cats when trying to manage a vast number of information security vulnerability action plans and keep up with the many milestones that they establish? Actually, that is exactly like herding cats and its a tough job.

To help, OCEG and sponsor RSA have produced a new Playbook for those who face the challenges of keeping on top of defects and correcting them in budget and on time. While the Plan of Action and Milestones (POA&M) Management process is required for for government agencies and contractors, it can also provide a useful roadmap for those in the private sector to follow.

Scope of This POA&M Playbook
This playbook takes a deep dive into one discrete aspect of information security in the public sector the management of POA&Ms. It provides three play sheets that outline key actions, which should be adapted to fit the organizational structure, risk tolerance levels and key concerns identified by your organization. The playsheets also offer value when used to evaluate the capabilities of software as you assess what you have and what you may need to acquire to adequately manage your process risks. The playsheets combined with an automation tool empower organizations to consistently track and manage findings and risks. The Playbook concludes with an overview of added benefits from the use of a customizable technology that integrates information from all three stages of information security management.