We recommend the CIO: Develop clear standards for the documentation of information security controls and enforce the adherence to these standards through OCIO monitoring processes for developing, reviewing and maintaining system security plans and documentation.