History
- Priority
- must
- Dec 2019
- Removed
- Security controls 0598, 1519, 0605 and 1041 relating to security risk assessments for gateways were removed. These security controls overlapped with the obligation of system owners to obtain authorisation to operate each of their systems from their system’s authorising officer (security control 0027) and to monitor security risks and the effectiveness of security controls for each of their systems (security control 1526). Furthermore, the risk-based approach to cyber security outlined in Using the Australian Government Information Security Manual discusses the need for a risk assessment as fundamental to selecting security controls, authorising the system to operate and monitoring the system.
- Nov 2019
- A security risk assessment is performed on gateways and their configuration before their implementation.
- 2015
- Agencies must perform a security risk assessment on gateways and their configuration beforetheir implementation.
- 2010
- Agencies must perform a security risk assessment on gateways and their configuration beforetheir implementation.
- 2008
- Agencies must perform a security risk assessment on the specific CDS installation network and configuration prior to implementing a CDS.