History
- Priority
- should
- Jul 2019
- Removed
- Security controls 0064, 0809, 0904, 1531, 0805 and 1140 removed due to being covered by the new The Australian Government Information Security Manual executive overview.
- Jun 2019
- Prior to the beginning of a security assessment, the system owner develops a Statement of Applicability (SoA) for their system which identifies the security controls that they have chosen to implement.
- Jan 2019
- Prior to the beginning of a security assessment, the system owner develops a Statement of Applicability (SoA) for their system which identifies the security controls that they have chosen to implement.
- Fixed typographical error in security control 0904 – ‘Statement of Applicably’ replaced with ‘Statement of Applicability’.
- Nov 2018
- Prior to the beginning of a security assessment, the system owner develops a Statement of Applicably (SoA) for their system which identifies the security controls that they have chosen to implement.
- 2017
- Before undertaking a security assessment the system owner should provide a statement ofapplicability for the system which includes:• the version of this manual, and any complementary publications, used for determiningsecurity measures• controls from this manual that are, and are not, applicable to the system• controls from this manual that are applicable but are not being implemented (including therationale behind these decisions)• any additional security measures being implemented.
- Control Text Changed. No public explaination.
- 2015
- Before undertaking a security assessment, also known as an audit, the system owner shouldprovide a statement of applicability for the system which includes:• the version of this manual, and any complementary publications, used for determiningsecurity measures• controls from this manual that are, and are not, applicable to the system• controls from this manual that are applicable but are not being implemented (including therationale behind these decisions)• any additional security measures being implemented.
- 2010
- The system owner should provide a statement of applicability for the system which includes thefollowing topics:••••the baseline of this manual used for determining controlscontrols that are, and are not, applicable to the systemcontrols that are applicable but are not being complied withany additional controls implemented as a result of the SRMP.