ABSTRACT
Establish a program for conducting periodic reviews and evaluations of the security controls in each system,
both periodically and when systems undergo signifi-
cant modifications.
Ensure audit logs are reviewed periodically and all audit records are archived for future reference.