CCI-003076
CCI-003076 Definition
Review and update the architectures in accordance with organization-defined frequency to reflect updates in the enterprise architecture.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed reviews and updates the information security architecture annually to reflect updates in the enterprise architecture. The organization must maintain an audit trail of reviews and updates. DoD has defined the frequency as annually.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the audit trail of reviews and updates to ensure the organization being inspected/assessed reviews and updates the information security architecture annually to reflect updates in the enterprise architecture. DoD has defined the frequency as annually.
Compelling Evidence
1.) Audit records of security plan updates include changes to the information security architecture.