History
- Priority
- must
- Nov 2018
- Removed
- Removed due to covering the same intent as security control 0605.
- 2017
- If information is processed, stored or communicated by a system not under an agency’scontrol, the agency must ensure that the other party’s system has appropriate securitymeasures in place to protect the agency’s information.
- 2015
- If information is processed, stored or communicated by a system not under an agency’scontrol, the agency must ensure that the other party’s system has appropriate securitymeasures in place to protect the agency’s information.
- 2010
- If a system exchanges information with a third-party system, the agency must ensure the receiving partyhas appropriate security measures in place to protect their information.
- 2008
- Where an agency’s system exchanges information with another agency or third-party system, the agency must ensure that the receiving party has appropriate measures in place to provide a level of protection commensurate with the classification or sensitivity of their information.