History
- Priority
- must
- Nov 2018
- Removed
- Removed due to a merge of relevant content into security control 0064.
- 2017
- The accreditation authority must accept the residual security risk to a system and theinformation it processes, stores or communicates in order to award accreditation.
- 2015
- The accreditation authority must accept the residual security risk to a system and theinformation it processes, stores or communicates in order to award accreditation.
- 2010
- The accreditation authority must accept the residual security risk relating to the operation of a system inorder to award accreditation.