The authorization maintenance process consists of the following activities:
• Periodically review the security category of supported business activities;
• Re-assess the threat environment and the security performance of technical environments;
• Review the results of security control performance assessments; and
• Review the activities of IT operations group to ensure that they have adequately maintained the
security posture of their information systems according to the security provisions of their
operations plans.