87
InformatIon SecurIty PolIcy DeveloPment for comPlIance
• Is reviewed and approved by the authorizing ocial or
designated representative prior to plan implementation;
b. Reviews the security plan for the information system [Assign-
ment: organization-dened frequency]; and
c. Updates the plan to address changes to the information
system/environment of operation or problems identied dur-
ing plan implementation or security control assessments.
PL-3 SYSTEM SECURITY PLAN UPDATE
[Withdrawn: Incorporated into PL-2]
PL-4 RULES OF BEHAVIOR
Control: e organization:
a. Est
ablishes and makes readily available to all informa-
tion system users the rules that describe their responsibili-
ties and expected behavior w