Description
The organization reviews the security plan for the information system [Assignment: organization-defined frequency, at least annually] and revises the plan to address system/organizational changes or problems identified during plan implementation or security control assessments.\n
Supplemental Guidance
Significant changes are defined in advance by the organization and identified in the configuration management process. NIST Special Publication 800-18 provides guidance on security plan updates.\n
Enhancements
(0) None.\n
Compliance Mappings
ISO 17799 (legacy)
6.1
COBIT 4.1 (legacy)
PO1.4