History
- Priority
- Must
- Dec 2019
- Removed
- Security controls 0598, 1519, 0605 and 1041 relating to security risk assessments for gateways were removed. These security controls overlapped with the obligation of system owners to obtain authorisation to operate each of their systems from their system’s authorising officer (security control 0027) and to monitor security risks and the effectiveness of security controls for each of their systems (security control 1526). Furthermore, the risk-based approach to cyber security outlined in Using the Australian Government Information Security Manual discusses the need for a risk assessment as fundamental to selecting security controls, authorising the system to operate and monitoring the system.
- Nov 2019
- A security risk assessment is performed on all systems before they are connected to a gateway.
- Nov 2018
- A security risk assessment is performed on all systems before they are connected to a gateway.
- Added to support the consideration and documentation of security risks associated with systems that are connected to gateways.