Review and update the SINet system security plan where it is determined implementation statements do not accurately describe current controls in place. At a minimum, the SINet system owner should update implementation descriptions for the following controls, AC-6 Least Privilege, AC-17 Remote Access, IA-2 Identification and Authentication Organizational Users, IA-5 Authenticator Management, CP-3 Contingency Training, and SI-3 Malicious Code Protection.