History
- Priority
- should
- Nov 2018
- Removed
- Removed due to a merge of relevant content into security control 1140.
- 2017
- The certification authority should produce a certification report for the accreditation authorityoutlining the security measures that have been implemented for a system and an assessmentof the residual security risk relating to the system and the information that it processes,stores or communicates.
- 2015
- The certification authority should produce a certification report for the accreditation authorityoutlining the security measures that have been implemented for a system and an assessmentof the residual security risk relating to the system and the information that it processes,stores or communicates.
- 2010
- Following the audit, the certification authority should produce an assessment for the accreditation authorityoutlining the residual security risks relating to the operation of the system and a recommendation onwhether to award accreditation or not.