This objective ensures your organization has a documented process to periodically review and update baseline configurations, especially in response to changes in systems, threats, or compliance requirements—particularly on systems handling Controlled Unclassified Information (CUI).