History

Priority

must

Nov 2018

Removed

Removed due to a change from a compliance culture to a risk management culture.

2017

Agencies must comply with additional or alternative controls as stipulated in device andscenario-specific guidance issued by ASD.

2015

Agencies must comply with additional or alternative controls as stipulated in device andscenario–specific guidance issued by ASD.

2010

Agencies must comply with any specified compliance timeframes for information security policies that DSDdetermines is of particular importance.

2008

When DSD makes a determination that newly introduced policy within this manual, or an interim ICT security policy release, is of particular importance, agencies must comply with any specified compliance requirements and timeframes.