History
- Priority
- must
- Nov 2018
- Removed
- Removed due to being better served as supporting information.
- 2017
- Agencies wishing to use an evaluated product in an unevaluated configuration must undertakea security risk assessment including:• the necessity for the unevaluated configuration• testing of the unevaluated configuration in the agency’s environment• documentation of any new vulnerabilities introduced due to the product being used outsideof its evaluated configuration.
- Control Text Changed. No public explaination.
- 2015
- Agencies wishing to use an evaluated product in an unevaluated configuration mustundertake a security risk assessment including:• the necessity of the unevaluated configuration• testing of the unevaluated configuration in the agency’s environment• new vulnerabilities introduced due to the product being used outside of its evaluatedconfiguration.
- 2010
- Agencies wishing to use a product in an unevaluated configuration must undertake a security riskassessment including:• the necessity of the unevaluated configuration• testing of the unevaluated configuration• the environment in which the unevaluated product is to be used.
- 2008
- Agencies wishing to use a product in an unevaluated configuration must undertake a risk assessment including: a. the necessity of the unevaluated configuration b. testing of the unevaluated configuration c. the environment in which the unevaluated product is to be used.