TX HHS Form 0021: External Entity Information Security Plan of Action and Milestone
The TX HHS Form 0021: External Entity Information Security Plan of Action and Milestone (POA&M) is a crucial document that helps external entities under contract with Texas Health and Human Services (HHS) identify security requirements that are not in place and remediate the resulting noncompliance. An entity uses this form whenever it identifies a security requirement that cannot be immediately remediated and must therefore submit a plan to resolve the noncompliance.
The form consists of three main sections: External Entity Information, Noncompliance Description, and Plan of Action and Milestone. The first section requires entities to provide their point of contact information, while the second section helps HHS understand the issue being addressed and the estimated risk it poses to HHS data. The third section outlines a formal plan for how the noncompliant security control will be remediated, including required steps, estimated timelines, responsible personnel, and costs.
This form is essential for ensuring the security of sensitive information and maintaining compliance with HHS requirements. Key features include the requirement to submit a separate POA&M form for each noncompliant security control and the need to provide detailed descriptions of findings and remediation plans. By using this form, external entities can demonstrate their commitment to information security and maintain a positive relationship with HHS.
- The form is used by external entities under contract with Texas HHS to identify and remediate noncompliant security controls.
- A separate POA&M form is required for each noncompliant security control.
- The form helps ensure the security of sensitive information and maintain compliance with HHS requirements.
