The organization must have a strategy for developing and maintaining a cyber security architecture.
The strategy must match the organization's cyber security program and the organization's architecture.
The architecture must include: