System owners ensure controls for each TOP SECRET system and its operating environment, including each sensitive compartmented information system and its operating environment, undergo a security assessment by Australian Signals Directorate (ASD) assessors (or their delegates) to determine if they have been implemented correctly and are operating as intended.
Topic
Protecting systems and their resources
Applicable to
Top Secret
History
Dec 2024
System owners ensure controls for each TOP SECRET system and its operating environment, including each sensitive compartmented information system and its operating environment, undergo a security assessment by Australian Signals Directorate (ASD) assessors (or their delegates) to determine if they have been implemented correctly and are operating as intended.
The existing control recommending that system owners ensure controls for each system and its operating environment are assessed to determine if they have been implemented correctly and are operating as intended was split into two controls to clearly articulate that non-classified, OFFICIAL: Sensitive, PROTECTED and SECRET systems can be assessed by an organisation’s own assessors or an IRAP assessor while TOP SECRET systems, including sensitive compartmented information systems, need to be assessed by ASD assessors (or their delegates). ISM-1636, ISM-1967