History
- Priority
- should
- Nov 2018
- Removed
- Removed as the fundamentals of risk management don’t need to be duplicated within this publication.
- 2017
- Agencies must determine system-specific security risks that could warrant additional controlsto those specified in this manual.
- 2015
- Agencies must determine system specific security risks that could warrant additional controlsto those specified in this manual.
- 2010
- Agencies should determine system specific security risks that could warrant additional controls to thosespecified in this manual.
- 2008
- Agencies should consider agency specific risks that could warrant additional controls beyond those specified in this manual.