CCI-004685

Implement technology refresh schedule to support the system throughout the system development life cycle.

Implementation Guidance

Determine if: - a technology refresh schedule is planned for the system throughout the system development life cycle. - a technology refresh schedule is implemented for the system throughout the system development life cycle.

Validation Procedures

Examine: [SELECT FROM: System and services acquisition policy; system and services acquisition procedures; procedures addressing technology refresh planning and implementation; system development life cycle documentation; technology refresh schedule; security risk assessment documentation; privacy impact assessment; privacy risk assessment documentation; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with information security and privacy responsibilities; organizational personnel with system life cycle development responsibilities]. Test: [SELECT FROM: Organizational processes for defining and documenting the system development life cycle; organizational processes for identifying system development life cycle roles and responsibilities; organizational processes for integrating security and privacy risk management into the system development life cycle; mechanisms supporting and/or implementing the system development life cycle].

The controls below (if any) were marked by NIST as being related to CCI-004685.