As the Chief Information Security Officer (CISO) of a federal agency, you are responsible for reviewing and approving the security plan for a new information system. The security plan has been submitted by the system owner and includes a list of proposed security controls. However, upon reviewing the plan, you notice that several of the proposed controls are not in line with the agency's security policies and guidelines. What should you do in this scenario?