History

2008

Accreditation authorities granting a provisional ICT security accreditation must consider the following: a. that the security risk associated with the area(s) of non-conformance have been identified and accepted by the system owner b. a clear and realistic process to meet all requirements has been agreed to c. an expiry date for the provisional ICT security accreditation has been set.