PL-03 System Security Plan Update

Control: The organization reviews the security plan for the information system [Assignment: organization-defined frequency, at least annually] and revises the plan to address system/organizational changes or problems identified during plan implementation or security control assessments.

Supplemental Guidance: Significant changes are defined in advance by the organization and identified in the configuration management process. NIST Special Publication 800-18 provides guidance on security plan updates.

Control Enhancements: (0) None.

Baseline: LOW PL-3; MOD PL-3; HIGH PL-3

Family: Planning

Class: Management

ISO 17799 mapping: 6.1

COBIT 4.1 mapping: PO1.4

PCI-DSS v2 mapping: 12.1