NIST 800-171 R-3.12.2
Develop Plans of Action (POA&M)
Official citation: 3.12.2
Class: core · Severity: high
Statement of the obligation — verify against source
3.12.2
What it means
Develop and carry out plans of action and milestones (POA&Ms) to correct deficiencies and reduce or eliminate vulnerabilities found in your systems. A POA&M documents each weakness, the planned fix, the resources needed, and target dates, and tracks progress to closure.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.