Gateways undergo testing following configuration changes, and at regular intervals no more than six months apart, to validate they conform to expected security configurations.
Topic
Assessment of gateways
Applicable to
all
History
Priority
recommended
Jun 2022
Gateways undergo testing following configuration changes, and at regular intervals no more than six months apart, to validate they conform to expected security configurations.
The ISM previously recommended that ‘commercial and government gateway services selected by the ACSC undergo a joint security assessment by ACSC and Infosec Registered Assessors Program (IRAP) assessors at least every 24 months’. This recommendation was reintroduced and amended to ‘gateways undergo a security assessment by an IRAP assessor at least every 24 months’ to support the upcoming release of new gateway security guidance by the ACSC. Note, the scope of this recommendation relates to all gateways, and not just outsourced gateways services.
Mar 2022
Gateways are subject to rigorous testing following configuration changes, and at irregular intervals no more than six months apart, to determine the effectiveness of security controls.
Existing recommendations for gateway architectures and their configuration (ISM-0631) were split into discrete recommendations with duplicate content being removed.
2017
Agencies should ensure that testing of security measures is performed at irregular intervalsno more than six months apart.
Control Text Changed. No public explaination.
2015
Agencies should ensure that testing of security measures is performed at random intervals nomore than six months apart.
2010
It is recommended agencies ensure that testing of security measures is performed at random intervals nomore than six months apart.