History

Priority

must

Dec 2019

Removed

Security controls 0598, 1519, 0605 and 1041 relating to security risk assessments for gateways were removed. These security controls overlapped with the obligation of system owners to obtain authorisation to operate each of their systems from their system’s authorising officer (security control 0027) and to monitor security risks and the effectiveness of security controls for each of their systems (security control 1526). Furthermore, the risk-based approach to cyber security outlined in Using the Australian Government Information Security Manual discusses the need for a risk assessment as fundamental to selecting security controls, authorising the system to operate and monitoring the system.

Nov 2019

All system owners of systems connected via a gateway understand and accept security risks associated with the gateway and any connected security domains, including those connected via a cascaded connection.

2017

All owners of systems connected via a gateway must understand and accept the residualsecurity risk of the gateway and from any connected security domains, including thoseconnected via a cascaded connection.

Control Text Changed. No public explaination.

2015

All owners of systems connected via a gateway must understand and accept the residualsecurity risk of the gateway and from any connected security domains including thoseconnected via a cascaded connection.

2010

All owners of systems connected via a gateway must understand and accept the residual security risk of thegateway and from any connected security domains including those connected via a cascaded connection.

2008

All domain owners connected through the CDS must accept any unmitigated risks of the CDS or CDS network.