Plan of Action and Milestones
A formal document that tracks known security weaknesses, the resources needed to fix them, and the scheduled milestones for remediation. It is a required artifact in federal security programs like FISMA and FedRAMP, where it shows authorizing officials that residual risks are being managed. In plain terms, it is the government's official to-do list for security gaps.