History
- Priority
- should
- Nov 2018
- Removed
- Removed due to not having a strong reason to be retained. Reaccreditation should be triggered by significant changes to a system or its operating environment, not an arbitrary timeframe.
- 2017
- Agencies should ensure that the period between accreditations of systems does not exceedtwo years.
- 2015
- Agencies should ensure that the period between accreditations of systems does not exceedtwo years.
- 2010
- Agencies should ensure that the period between accreditations of systems does not exceed two years.
- 2008
- Agencies should ensure that the period between initial ICT security accreditation and re-accreditation as well as subsequent re-accreditations of each of their systems does not exceed two years.