Examine information security program documentation for the organization system maintenance policy and that the system maintenance policy is reviewed and updated at least every three years.
Examine organization system maintenance policy for evidence that the policy addresses, purpose, scope, roles and responsibilities, management commitment, coordination among organizational entities, and compliance.
Examine information system program documentation for procedures that facilitate the implementation of the system maintenance policy and procedures are reviewed and updated at least annually.
Examine organization system maintenance policy and procedures, or other relevant documents for the organization elements having associated ...
Get Security Controls Evaluation, Testing, and Assessment Handbook now with the O’Reilly learning platform.
O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.