History
- Priority
- should
- Dec 2019
- Removed
- Security controls 0624 and 0625 were removed as the change management process, including the updating of risk assessments, is covered by security control 1211 within the change management section of the Guidelines for System Management.
- Nov 2019
- Any associated security risk assessments are updated before changes are made to a gateway to ensure all relevant security risks have been documented and accepted.
- 2015
- Agencies must update the Security Risk Management Plan before changes are made to thegateway to ensure all security risks have been accepted.
- 2010
- Agencies should limit changes to gateways after installation.
- 2008
- Agencies should limit changes to the CDS after installation.