ISM – Information Security Manual
The Australian Signals Directorate (ASD) produces the Australian Government Information Security Manual (ISM). The manual is the standard which governs the security of government ICT systems. It complements the Protective Security Policy Framework.
- The ISM comprises three documents targeting different levels within your organisation, making the ISM accessible to more users and promoting information security awareness across government.
- 2016 ISM Executive Companion (PDF)
- 2016 ISM Principles (PDF)
- 2017 ISM Controls (PDF)
- The updated 2017 Controls include nine new controls (in Software Security, Secure Admin and Cryptography) and one control was removed (0924).
- 122 controls have been updated.
- Changes to the cryptography controls represent a move to stronger encryption standards.
- The manual has been revised to improve the understanding and intent of many controls.
- 2017 ISM Controls Changes Summary (XLSX)
- 2017 ISM System Controls Checklist (XLSX)
- Additional ISM resources are available from the members-only area of OnSecure or on request.
- The ISM is only available in PDF as of 2015. Please contact us if you require another format.
- The ISM was called ACSI 33 until 2005.
- Contact us for enquiries, advice and services.