The IT Law Wiki

Citation

Office of Management and Budget, Guidance for Preparing and Submitting Security Plans of Action and Milestones (OMB Memorandum M-02-01) (Oct. 17, 2001) (full-text).

Overview

On June 22, 2001, the OMB issued a memorandum on "Reporting Instructions for the Government Information Security Reform Act" (OMB Memorandum M-01-24). In that memorandum, OMB asked each agency to submit, with its September budget request, a set of program reviews and evaluations of both unclassified and classified systems, along with an executive summary. In addition, OMB asked each agency to submit to OMB by October 31, 2001 (with brief quarterly updates thereafter) "a plan of action with milestones" to address all weaknesses identified by program reviews and evaluations.

In response to the June 22 memorandum, several agencies asked the OMB to issue more detailed guidance that further describes, and provides a standard format for, the information that agencies should include in their plans of action and milestones (POA&M). Working with representatives of agency program offices and Inspector General offices, OMB developed this POA&M guidance, which provides specific instructions and examples for the POA&Ms.
