PM-4: Plan of Action and Milestones Process

a process to ensure that plans of action and milestones for the information security program and associated organizational systems are developed;

a process to ensure that plans of action and milestones for the information security program and associated organizational systems are maintained;

a process to ensure that plans of action and milestones for the privacy program and associated organizational systems are developed;

a process to ensure that plans of action and milestones for the privacy program and associated organizational systems are maintained;

a process to ensure that plans of action and milestones for the supply chain risk management program and associated organizational systems are developed;

a process to ensure that plans of action and milestones for the supply chain risk management program and associated organizational systems are maintained;

a process to ensure that plans of action and milestones for the information security program and associated organizational systems document remedial information security risk management actions to adequately respond to risks to organizational operations and assets, individuals, other organizations, and the Nation;

a process to ensure that plans of action and milestones for the privacy program and associated organizational systems document remedial privacy risk management actions to adequately respond to risks to organizational operations and assets, individuals, other organizations, and the Nation;

a process to ensure that plans of action and milestones for the supply chain risk management program and associated organizational systems document remedial supply chain risk management actions to adequately respond to risks to organizational operations and assets, individuals, other organizations, and the Nation;

a process to ensure that plans of action and milestones for the information security risk management programs and associated organizational systems are reported in accordance with established reporting requirements;

a process to ensure that plans of action and milestones for the privacy risk management programs and associated organizational systems are reported in accordance with established reporting requirements;

a process to ensure that plans of action and milestones for the supply chain risk management programs and associated organizational systems are reported in accordance with established reporting requirements;