To assist reporting entities in reaching full compliance with the security standards, the technology department should take the following actions: Annually follow up on the remediation plans that reporting entities submit.
In August 2015, the Department of Technology issued Technology Letter 15-03 and two new State Information Management Manual (SIMM) documents, directing state entities on the use of a new Plan of Action and Milestone (PoAM) tool. The instructions (SIMM 5305-B) and tool (SIMM 5305-C) provide a standardized approach to document details about remediation activity. The policy now requires departments to report on their corrective action progress on a quarterly basis. The PoAMs will be reviewed quarterly and departments will be provided feedback to ensure continued progress toward compliance.
Agency responses received are posted verbatim.