Plan of Action and Milestones | CA-5

Description

• Information Resource Owners or their designees are responsible for developing actionable plans to respond to risks identified through information security assessments.
• The action plan will document the steps to fix deficiencies or compensating controls that will be implemented to mitigate each risk, and any proposed security control exceptions that will be requested as part of the mitigation.
• Action plans must be submitted to the Cybersecurity Manager.

Last updated: 5/12/2026