Develops an information security architecture for the information system that:
Describes the overall philosophy, requirements, and approach to be taken with regard to protecting the confidentiality, integrity, and availability of organizational information;
Describes how the information security architecture is integrated into and supports the enterprise architecture; and
Describes any information security assumptions about, and dependencies on, external services;
Reviews and updates the information security architecture [Assignment: organization-defined frequency] to reflect updates in the enterprise architecture; and
Ensures that planned information security architecture changes are reflected in the security plan, the security Concept of Operations (CONOPS), and organizational procurements/acquisitions.