The organization reviews/updates, per organization-defined frequency, a formal, documented security planning policy.
No STIG checks reference this CCI.