CA.2.159 Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.

CMMC Practice CA.2.159: Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.

CMMC CLARIFICATION (Ref CMMC – Appendix B)

When you write a plan of action, you should define the clear goal or objective of the plan. You may include the following in the action plan:

    • ownership of who is accountable for ensuring the plan’s performance;
    • specific steps or milestones that are clear and actionable;
    • assigned responsibility for each step or milestone;
    • milestones to measure plan progress; and
    • completion dates.

Note that receiving Cybersecurity Maturity Model Certification requires all practices and processes to be implemented at the time of assessment. Any security requirements that were part of a plan of action must be closed/met in order to be granted the CMMC assessment.