Cybersecurity

Josef Kamara, CPA, CISSP, CISA · Updated May 6, 2026 · 1 minute read

POA&M

Plan of Action and Milestones, a formal remediation document listing security deficiencies, corrective actions, responsible owners, and target completion dates. In CMMC assessments, open POA&M items must be resolved before certification is issued.

From the library

The full analysis on POA&M.

The article is where the term meets the practitioner. Read how this concept actually shows up in audit, in remediation, and in the boardroom.

Read the analysis →
The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.