History

2008

Accreditation authorities must undertake the following activities prior to awarding an ICT security accreditation of a system: a. review the security risk management plan (SRMP) b. ensure any additional risk reduction strategies (above the minimum compliance requirements) are appropriate and effective c. review any variations from controls specified in this manual and the Australian Government Protective Security Manual, and that any relevant variations are in place d. confirm that all relevant certifications have been provided.