Statement

The University shall develop and update, a plan of action and milestone process for security information resources that document the University’s planned, implemented, and evaluated remedial actions to correct deficiencies noted during the assessment of the security controls to reduce or eliminate known vulnerabilities in the system.

Applicability

This Control applies to all West Texas A&M network information resources. The responsibility and authority for this control is shared between the CIO and the ISO.

Implementation

The CIO in corridination with the ISO shall implement a plan of action and milestones for the security program and associated WTAMU information resources that:

• Includes WTAMU’s planned, implemented, and evaluated remedial actions to correct deficiencies noted during the assessment of the security controls to reduce or eliminate known vulnerabilities in the system.
• Is reported in accordance with applicable OMB FISMA reportoing requirements.
• The plan shall be reviewed periodically for consistency and changes in organizational priorities.