Statement

The University shall develop and update, a plan of action and milestone process for information security and data privacy resources that document the University’s planned, implemented, and evaluated remedial actions to correct deficiencies noted during the assessment of the security controls to reduce or eliminate known vulnerabilities in the system.

Applicability

This Control applies to all West Texas A&M network information resources. The responsibility and authority for this control has been delegated to the CIO.

Implementation

IT shall implement plan of action and milestones for the both the information security program and the data protection program for information resources that:

• Includes WTAMU’s planned, implemented, and evaluated remedial actions to correct deficiencies noted during the assessment of the security controls to reduce or eliminate known vulnerabilities in the system.
• Is reported in accordance with applicable OMB FISMA reportoing requirements.
• The plan shall be reviewed periodically for consistency and changes in organizational priorities.