The creation and maintenance of a Plan of Action and Milestones (POA&M) containing security control implementation weaknesses and technical vulnerabilities is an integral part of Federal Information Security Management Act (FISMA) compliance and of the Continuous Monitoring phase of the associated National Institute of Standards and Technology (NIST) Risk Management Framework. The POA&M maintenance process is a mechanism for management to track the mitigation of an organization's cyber security program risks and the system-level weaknesses identified therein.

TDI recognizes that the real value of the POA&M lies in ongoing security management rather than in serving as a reporting mechanism to leadership. TDI goes beyond assisting its clients with the mere assembly and reporting aspects of the POA&M. Our security professionals help our customers develop, document, and implement corrective action plans, determine causal factors and trends based on POA&M weaknesses, and assess the effectiveness of corrective actions to ensure that exposed problems are resolved and prevented from recurring. TDI ensures that open POA&M items do not stagnate by managing a comprehensive remediation lifecycle that shepherds remediation efforts from inception, through testing and implementation, to full integration into the system.

We can support your organization's POA&M management efforts, make you aware of the associated requirements, and so reduce the risk of compromise of the confidentiality, integrity, and availability of your organization's IT systems and data.