ISM – Information Security Manual
The Australian Signals Directorate (ASD) produces the Australian Government Information Security Manual (ISM). The manual is the standard which governs the security of government ICT systems. It complements the Protective Security Policy Framework.
- The ISM comprises three documents targeting different levels within your organisation, making the ISM accessible to more users and promoting information security awareness across government.
- 2016 ISM Executive Companion (PDF)
- 2016 ISM Principles (PDF)
- 2017 ISM Controls (PDF) UPDATED 23 November 2017
- ASD wishes to advise the 2017 ISM Controls manual has been re-issued due to layout issues. While the content of the controls was not affected, the readability of the manual was adversely impacted.
- For this reason, ASD has re-issued the 2017 ISM Controls manual. Anyone that has received a copy of the 2017 ISM Controls manual with release date of 10 November should delete that version and replace it with the new version with release date of 22 November.
- The updated 2017 Controls include nine new controls (in Software Security, Secure Admin and Cryptography) and one control was removed (0924).
- 122 controls have been updated.
- Changes to the cryptography controls represent a move to stronger encryption standards.
- The manual has been revised to improve the understanding and intent of many controls.
- 2017 ISM Controls Changes Summary (XLSX)
- 2017 ISM System Controls Checklist (XLSX)
- Additional ISM resources are available from the members-only area of OnSecure or on request.
- The ISM is only available in PDF as of 2015. Please contact us if you require another format.
- The ISM was called ACSI 33 until 2005.
- Contact us for enquiries, advice and services.