Latest publications 04 Sep 2025 A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity This guidance, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and international partners, presents a shared vision of Software Bill of Materials (SBOM) and the value that increased software component and supply chain transparency can offer to the global community. 04 Sep 2025 End of support for Microsoft Windows and Microsoft Windows server Support for Microsoft Windows and Microsoft Windows Server users following the expiration of the specified servicing timeline. 04 Sep 2025 Hardening Microsoft Windows 10 workstations This publication provides recommendations on hardening workstations using Enterprise and Education editions of Microsoft Windows 10. While this publication refers to workstations, most recommendations are equally applicable to servers (with the exception of Domain Controllers) using Microsoft Windows Server. Security features discussed in this publication, along with the names and locations of Group Policy settings, are taken from Microsoft Windows 10 version 22H2. All publications Title AudienceIndividuals & familiesSmall & medium businessesOrganisations & Critical InfrastructureGovernment Sort by Sort byDate updated (new to old)Date updated (old to new)Title (A-Z)Title (Z-A) Items per page 61218243036424854606672788490200 02 Oct 2024 Essential Eight maturity model and ISM mapping This publication provides a mapping between the Essential Eight and the controls within the Information security manual (ISM). 02 Oct 2024 Principles of operational technology cyber security Critical infrastructure organisations provide vital services, including supplying clean water, energy, and transportation, to the public. These organisations rely on operational technology (OT) to control and manage the physical equipment and processes that provide these critical services. As such, the continuity of vital services relies on critical infrastructure organisations ensuring the cybersecurity and safety of their OT. 22 Aug 2024 Best practices for event logging and threat detection This publication defines a baseline for event logging best practices to mitigate cyberthreats. 30 Jul 2024 Secure by Design foundations ASD’s ACSC's Secure by Design foundations represent a first step in a new approach to assist technology manufacturers and customers to adopt Secure by Design. While the foundations are primarily designed to foster discussion within technology manufacturers on how to best approach Secure by Design, they contain relevant information and actions for technology customers. 27 Jun 2024 Exploring memory safety in critical open source projects This publication follows the December 2023 release of The Case for Memory Safe Roadmaps, which recommended software manufacturers create memory safe roadmaps, including plans to address memory safety in external dependencies, which commonly include open source software (OSS). Today’s publication provides a starting point for these roadmaps by investigating the scale of memory safety risk in selected OSS. 12 Jun 2024 Managing the risks of legacy IT: Executive guidance This publication provides high-level and strategic guidance for an organisation’s executive seeking to manage the risks of legacy IT. Pagination Previous page ‹‹ Page 7 Next page ›› Alerts and Advisories Advice, guidance and publications Reports and statistics News Programs Glossary