catalog: SP800-53rev3 / class: Management / family: (CA) Security Assessment and Authorization

  CA-05: Plan of Action and Milestones  

base control objective:
The organization develops and updates [Assignment: organization-defined frequency], a plan of action and milestones for the information system.

supplemental objective information:
The plan of action and milestones is a key document in the security authorization package and is subject to federal reporting requirements established by OMB. The plan of action and milestones documents the organization’s planned remedial actions to correct weaknesses or deficiencies noted during the assessment of the security controls and to reduce or eliminate known vulnerabilities in the system. Updates to the plan of action and milestones are based on the findings from security control assessments, security impact analyses, and continuous monitoring activities.

enhancements to the base objective:

(1) The organization employs automated mechanisms to help ensure that the plan of action and milestones for the information system is accurate, up to date, and readily available.

mapping to FIPS199 baseline:

  LOW: base     MOD: base     HIGH: base  

related (regimented) controls:

PM-04   Plan of Action and Milestones Process

documents referenced in SP800-53rev3 for CA-05:

Document       Date            Status    Title
NIST SP800-18  February, 2006  current   Guide for Developing Security Plans for Federal Information Systems
NIST SP800-30  July 2002       groan...  Risk Management Guide for Information Technology Systems
NIST SP800-37  Feb, 2010       current   Guide for the Security Certification and Accreditation of Federal Information Systems
NIST SP800-39  December, 2010  DRAFT     Integrated Enterprise-Wide Risk Management: Organization, Mission, and Information System View
NIST SP800-65  January, 2005   current   Integrating IT Security into the Capital Planning and Investment Control Process
