Update the risk assessment on an organization-defined frequency or when there are significant changes to the system, its environment of operation, or other conditions that may impact the security or privacy state of the system.
No STIG checks reference this CCI.