Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
An identification and authentication policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
Procedures to facilitate the implementation of the identification and authentication policy and associated identification and authentication controls; and
Reviews and updates the current:
Identification and authentication policy [Assignment: organization-defined frequency]; and
Identification and authentication procedures [Assignment: organization-defined frequency].