NIST 800-53 r5 · Controls catalogue · Family CA
CA-5Plan of Action and Milestones
Develop a plan of action and milestones for the system to document the planned remediation actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system; and Update existing plan of action and milestones {{ insert: param, ca-05_odp }} based on the findings from control assessments, independent audits or reviews, and continuous monitoring activities.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (3)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-284 | Improper Access Control | 4,832 | Weaknesses in access control are explicitly planned for remediation based on assessments, directly reducing unauthorized access risks. |
CWE-693 | Protection Mechanism Failure | 476 | The POA&M process ensures identified weaknesses in protection mechanisms are documented and scheduled for remediation, reducing the duration they remain exploitable. |
CWE-657 | Violation of Secure Design Principles | 19 | Deficiencies violating secure design principles are tracked and corrected through planned actions, limiting attacker opportunities from design flaws. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | ||||