Topic

Shared ownership of gateways

Applicable to

all

History

Priority

should

Mar 2022

Removed

The existing recommendation that system owners be formal stakeholders for all security domains connected via gateways (ISM-0607) was rescinded due to duplication with the intent of the recommendation that system owners monitor each system, and associated cyber threats, security risks and security controls on an ongoing basis (ISM-1526). Notably, this requires system owners to be aware of the cyber threats posed to their systems by gateways and other connected systems. In doing so, system owners are encouraged to leverage requirements from the Guidelines for Outsourcing to achieve this outcome, such as exercising the right to verify compliance with security requirements documented in contractual arrangements (ISM-1738) and the ability to access all logs relating to their organisation’s data and services (ISM-1573).

Oct 2019

Once connectivity is established, system owners become information stakeholders for all connected security domains.

Security control 0608 was merged with security control 0607.

Sep 2019

Once connectivity is established, system owners become information stakeholders for all connected security domains.

2015

Once connectivity is established, system owners should become information stakeholders forall connected security domains.

2010

Once connectivity is established, system owners should become information stakeholders for all connectedsecurity domains.

2008

Once connectivity is established, domain owners should become information stakeholders for all connected domains.