History
- Priority
- recommended
- Nov 2018
- Removed
- Removed due to a change from a compliance culture to a risk management culture.
- 2017
- Agencies must review decisions to grant non-compliance with any control, including thejustification, any mitigation measures and security risks, at least every two years or whensignificant changes occur, to ensure its continuing relevance, adequacy and effectiveness.
- Control Text Changed. No public explaination.
- 2015
- Agencies must review decisions to grant non–compliance with any control, including thejustification, any mitigation measures and security risks, at least every two years or whensignificant changes occur to ensure its continuing relevance, adequacy and effectiveness.
- 2010
- It is recommended agencies review decisions to be non-compliant with any control, as well as any mitigationmeasures, at least annually.