U.S. Department of Health and Human Services
HHS must annually report the status of its information security program to OMB and the House Committee on Government Reform. These reports are called the Plan of Action and Milestones (POA&M) for each system. The POA&M tracks significant deficiencies in HHS security.
The POA&M is a management tool to focus attention on improving the security posture of IT resources used within HHS. HHS tracks the POA&M in the SPORT system.
As an IT Administrator, you may be asked to provide input to the POA&M. For reporting purposes, the data from each system is rolled up into one report which represents the entire HHS.
Page 2 of 5
HHS Policy FISMA and the POA&M