NIST SP 800-171 & CMMC 2.0 Control 3.12.2 Requirement:

Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.

NIST SP 800-171 & CMMC 2.0 3.12.2 Requirement Explanation:

The plan of action is a key document in the information security program. Organizations develop plans of action that describe how any unimplemented security requirements will be met and how any planned mitigations will be implemented.

Example NIST SP 800-171 & CMMC 2.0 3.12.2 Implementation:

Create a plan of action and milestones (POA&M) document to list any unimplemented security requirements identified in security assessments. Your POA&M should include who is responsible for each item, specific steps necessary to implement the item, milestones to measure progress, and completion dates.

NIST SP 800-171 & CMMC 2.0 3.12.2 Scenario(s):

- Scenario 1:

Your company has under gone a security assessment/gap analysis in which it was determined that 10 security practices were not implemented. These practices were added to your POA&M and assigned to members of the IT team for remediation.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.