Plan of Action and Milestones (POA&M)

A Plan of Action and Milestones (POA&M) is a formal document required by the Federal Information Security Modernization Act that lists identified information-system security weaknesses, specifies corrective actions, and sets timelines and responsibilities for remediation, enabling agencies to track and report compliance with federal cybersecurity requirements.