Published: 5/29/2023
Watch and Learn: Plan of Action and Milestones (POA&M)
Watch the video about Plan of Action and Milestones (POA&M) and learn how POA&Ms are used to ensure the security of CMS FISMA systems.
The process to mitigate risks and weaknesses in CMS systems is called a Plan of Action and Milestones (POA&M). A POA&M is created whenever audits reveal an area of weakness in security controls. This is an opportunity to strengthen or “harden” your system through carefully planned improvements – which boosts the overall resilience of our agency’s cyber infrastructure. The CMS security staff and your integrated team are ready to help you along the way.
This video is a quick and entertaining way to learn all about POA&Ms and how they are used at CMS.
More guidance about POA&M at CMS is available here.
If you have questions, contact the CISO Team (CISO@cms.hhs.gov) or ask a Cyber Risk Advisor in CMS Slack (#cra-help).
About the publisher:
The Training and Awareness Team works to build a more resilient and knowledgeable cybersecurity workforce at CMS by connecting people to helpful information and training opportunities.