Engage appropriate parties to assist with risk assessments, as necessary.


CONTROL ID: 12153
CONTROL TYPE: Human Resources Management
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain risk assessment procedures. (CC ID: 06446)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • System owners deploying systems with Radio Frequency (RF) transmitters inside or co-located with their facility contact the ACSC for an emanation security threat assessment and implement any additional installation criteria derived from the emanation security threat assessment. (Security Control: 0247; Revision: 3, Australian Government Information Security Manual, March 2021)
  • System owners deploying systems with RF transmitters that will be co-located with systems of a higher classification contact the ACSC for an emanation security threat assessment and implement any additional installation criteria derived from the emanation security threat assessment. (Security Control: 0248; Revision: 5, Australian Government Information Security Manual, March 2021)
  • System owners deploying systems overseas contact the ACSC for an emanation security threat assessment and implement any additional installation criteria derived from the emanation security threat assessment. (Security Control: 0249; Revision: 3, Australian Government Information Security Manual, March 2021)
  • System owners deploying systems overseas contact the ACSC for emanation security threat advice and implement any additional installation criteria derived from the emanation security threat advice. (Security Control: 0932; Revision: 5, Australian Government Information Security Manual, March 2021)
  • System owners deploying OFFICIAL or PROTECTED systems with Radio Frequency transmitters that will be co-located with SECRET or TOP SECRET systems contact the ACSC for an emanation security threat assessment and implement any additional installation criteria derived from the threat assessment. (Control: ISM-0248; Revision: 6, Australian Government Information Security Manual, June 2023)
  • System owners deploying SECRET or TOP SECRET systems with Radio Frequency transmitters inside or co-located with their facility contact the ACSC for an emanation security threat assessment and implement any additional installation criteria derived from the threat assessment. (Control: ISM-0247; Revision: 4, Australian Government Information Security Manual, June 2023)
  • System owners deploying SECRET or TOP SECRET systems in shared facilities contact the ACSC for an emanation security threat assessment and implement any additional installation criteria derived from the threat assessment. (Control: ISM-1137; Revision: 3, Australian Government Information Security Manual, June 2023)
  • System owners deploying systems or military platforms overseas contact the ACSC for an emanation security threat assessment and implement any additional installation criteria derived from the threat assessment. (Control: ISM-0249; Revision: 4, Australian Government Information Security Manual, June 2023)
  • System owners deploying OFFICIAL: Sensitive or PROTECTED systems with Radio Frequency transmitters that will be co-located with SECRET or TOP SECRET systems contact ASD for an emanation security threat assessment and implement any additional installation criteria derived from the threat assessment. (Control: ISM-0248; Revision: 7, Australian Government Information Security Manual, September 2023)
  • System owners deploying systems or military platforms overseas contact ASD for an emanation security threat assessment and implement any additional installation criteria derived from the threat assessment. (Control: ISM-0249; Revision: 5, Australian Government Information Security Manual, September 2023)
  • System owners deploying SECRET or TOP SECRET systems in shared facilities contact ASD for an emanation security threat assessment and implement any additional installation criteria derived from the threat assessment. (Control: ISM-1137; Revision: 4, Australian Government Information Security Manual, September 2023)
  • System owners deploying SECRET or TOP SECRET systems with Radio Frequency transmitters inside or co-located with their facility contact ASD for an emanation security threat assessment and implement any additional installation criteria derived from the threat assessment. (Control: ISM-0247; Revision: 5, Australian Government Information Security Manual, September 2023)
  • Important: If relevant threats are not considered, this may produce gaps in the resulting security concept. If in doubt a careful analysis of whether and (if so) which threats may still be missing should therefore be performed. For this, it is often advisable to rely on external consulting services. (§ 4.2 ¶ 9, The Federal Office for Information Security, BSI-Standard 200-3, Risk Analysis based on IT-Grundschutz, Version 1.0)
  • In practice, brainstorming involving all employees involved has proven effective in identifying additional threats. Information security officers, specialists responsible, administrators and users of the target object under review as well as external experts, if appropriate, should be involved. The … (§ 4.2 ¶ 10, The Federal Office for Information Security, BSI-Standard 200-3, Risk Analysis based on IT-Grundschutz, Version 1.0)
  • Where possible it is recommended the risk assessment is led by an individual and/or individuals who have sufficient knowledge of the PCI DSS requirements and the risk assessment methodology being utilized by the organization. The risk assessment process leader is typically responsible for driving th… (§ 4.1 ¶ 2, Information Supplement: PCI DSS Risk Assessment Guidelines, Version 2.0)
  • Each Transmission Owner that identified a Transmission station, Transmission substation, or primary control center in Requirement R1 and verified according to Requirement R2, and each Transmission Operator notified by a Transmission Owner according to Requirement R3, shall have an unaffiliated third… (B. R6., North American Electric Reliability Corporation Critical Infrastructure Protection Standards Physical Security CIP-014-2, Version 2)
  • Each Transmission Owner that identified a Transmission station, Transmission substation, or primary control center in Requirement R1 and verified according to Requirement R2, and each Transmission Operator notified by a Transmission Owner according to Requirement R3, shall have an unaffiliated third… (B. R6., North American Electric Reliability Corporation Critical Infrastructure Protection Standards Physical Security CIP-014-3, Version 3)
  • Once a DoD PA is granted, the CSP is expected to maintain the security posture of the CSO through continuous and periodic vulnerability scans, DoD annual assessments, incident management, and effective implementation of operational processes and procedures. Integral to this is periodic reporting to … (Section 5.3.1 ¶ 2, Department of Defense Cloud Computing Security Requirements Guide, Version 1, Release 3)
  • Document the assessment methodology used and make the documentation available for TSA review upon request. (4.3 ¶ 2 Bullet 5, Pipeline Security Guidelines)