Security controls 0598, 1519, 0605 and 1041 relating to security risk assessments for gateways were removed. These security controls overlapped with the obligation of system owners to obtain authorisation to operate each of their systems from their system’s authorising officer (security control 0027) and to monitor security risks and the effectiveness of security controls for each of their systems (security control 1526). Furthermore, the risk-based approach to cyber security outlined in Using the Australian Government Information Security Manual discusses the need for a risk assessment as fundamental to selecting security controls, authorising the system to operate and monitoring the system.
Nov 2019
The security architecture of a gateway, and security risks associated with all connected security domains, including those connected via a cascaded connection, is reviewed at least annually.
2017
Agencies should review, at least annually, the security architecture of the gateway and security risks of all connected security domains, including those connected via a cascaded connection.
Control Text Changed. No public explanation.
2015
Agencies should review at least annually the security architecture of the gateway and security risks of all connected security domains including those connected via a cascaded connection.
2010
It is recommended agencies annually review the security architecture of the gateway and security risks of all connected security domains including those connected via a cascaded connection.