PL-03 System Security Plan Update
Control: The organization reviews the security plan for the information system [Assignment: organization-defined frequency, at least annually] and revises the plan to address system/organizational changes or problems identified during plan implementation or security control assessments.
Supplemental Guidance: Significant changes are defined in advance by the organization and identified in the configuration management process. NIST Special Publication 800-18 provides guidance on security plan updates.
Control Enhancements: (0) None.
Baseline: LOW PL-3 MOD PL-3 HIGH PL-3
ISO 17799 mapping: 6.1
COBIT 4.1 mapping: PO1.4
PCI-DSS v2 mapping: 12.1