This activity may be conducted in support of a security assessment but is not the primary focus of a security assessment. The primary focus of a security assessment is to assess the selection, implementation and effectiveness of security controls identified in the Statement of Applicability (SoA).
2017
The system architecture, including associated documentation, must be reviewed by the assessor to determine whether it is based on sound security principles. This includes:
• determining whether appropriate policies have been developed to protect information that is processed, stored or communicated by the system
• determining whether the SRMP, SSP, SOPs and IRP are comprehensive and appropriate for the environment the system is to operate in
• determining whether all relevant controls specified in this manual and supplementary publications are addressed.
2015
The system architecture, including associated documentation, must be reviewed by the assessor to determine whether it is based on sound security principles. This includes:
• determining whether appropriate policies have been developed to protect information that is processed, stored or communicated by the system
• determining whether the SRMP, SSP, SOPs and IRP are comprehensive and appropriate for the environment the system is to operate in
• determining whether all relevant controls specified in this manual and supplementary publications are addressed.
2010
The system architecture should be reviewed by the assessor to ensure it is based on sound security principles and meets security requirements.