We recommend Departmental Administration Information Technology Office management enforce the requirements for information system security documentation to be updated, reviewed, and approved in accordance with USDA policy. When annual security requirements cannot be completed within the required timeframe, ensure a formal risk waiver is procured.