Plan of Action and Milestones — a formal, tracked remediation plan for a known control gap or weakness, with owners and target dates.
A POA&M (Plan of Action and Milestones) documents a specific security weakness or unmet control, the planned remediation steps, an owner, and target completion dates. It's a required artifact in FedRAMP and NIST SP 800-171/CMMC assessments — auditors expect open gaps to be tracked this way rather than left unaddressed.