TX HHS Form 0021. External Entity Information Security Plan of Action and Milestone

The Texas Health and Human Services (HHS) Form 0021, External Entity Information Security Plan of Action and Milestone, is a mandatory submission for legal entities under contract with HHS. This form requires organizations to report noncompliance with security requirements and outline remediation plans to resolve the issue.

The POA&M form consists of three sections: External Entity Information, Noncompliance Description, and Plan of Action and Milestone. The first section collects basic information about the submitting organization, including point of contact details. The second section describes the noncompliant security control, providing a detailed explanation of the issue and its estimated risk to HHS data. The third section outlines the plan for remediating the noncompliance, including required steps, timelines, responsible personnel, and costs.

This form is essential for ensuring the security and integrity of sensitive information shared between Texas HHS and external entities. By submitting a POA&M, organizations demonstrate their commitment to protecting HHS data and comply with contractual obligations. The issuing agency, Texas HHS, relies on this form to monitor and address potential security risks, ultimately safeguarding the confidentiality, integrity, and availability of critical information.