A cyber security strategy is developed, implemented and maintained.
Topic
Cyber security strategy
Applicable to
all
History
Priority
must
Dec 2022
A cyber security strategy is developed, implemented and maintained.
Existing controls relating to the development and implementation of cyber security documentation were amended to ensure documentation is maintained throughout its lifetime.
Mar 2022
A cyber security strategy is developed and implemented.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
May 2019
A cyber security strategy is developed and implemented for the organisation.
Reintroduction of security control 0039.
Nov 2018
Removed
Removed to ensure a focus on system-specific security documentation.
2017
Agencies must have a document that fulfils the purpose of an ISP.
Control Text Changed. No public explaination.
2015
Agencies must have an ISP.
2010
Agencies must have an information security policy.