Threat

Complacency in regards to the periodic review of existing policies and processes opens the door to emerging security threats that can negatively impact mission success. The dynamic nature of information technology warrants at least an annual review of existing policies and processes to help achieve uninterrupted operations.

Implementation Guidance

1. The DIACAP Team shall be an active participant in annual review process. 2. An annual IA review shall be conducted that comprehensively evaluates existing policies and processes to ensure procedural consistency and to ensure that they fully support the goal of uninterrupted operations. 3. The annual review process should account for the analysis of projected policy needs, and produce a plan for development or implementation of new policies or processes.

Resources

- DoDI 8500.2, Information Assurance (IA) Implementation, para E3.3.10, 06 February 2003 - Section 2224 of title 10, United States Code,"Defense Information Assurance Program”, 05 October 1999

Framework

DoD Instruction 8500.2

Subject Area

Security Design and Configuration

Impact Code

Medium

MAC Levels

MAC 1, MAC 2, MAC 3