February 2020 ISM Changes
Summary of changes
- Various changes to content related to international standards for cryptographic modules and their evaluation.
Guidelines for Evaluated Products
Evaluated product acquisition
- The ‘evaluated products’ content was modified slightly.
Guidelines for Using Cryptography
- The ‘federal information processing standard 140’ content was replaced with new ‘international standards for cryptographic modules’ content. This reflects FIPS 140-3’s effective date of 22 September 2019 and its use of ISO/IEC 19790:2012 and ISO/IEC 24759:2017.
- The ‘further information’ content was modified to include references to the ACE program, ISO/IEC 19790:2012, ISO/IEC 24759:2017, FIPS 140-3 and NIST SP 800-140.
ASD Approved Cryptographic Algorithms
- The ‘high assurance cryptographic algorithms’ content was modified slightly.
ASD Approved Cryptographic Protocols
- The ‘high assurance cryptographic protocols’ content was modified slightly.
Cyber Security Terminology
Glossary of cyber security terms
- The ‘Australian Signals Directorate (ASD) Cryptographic Evaluation’ entry was modified slightly.
- The ‘High Assurance evaluation’ entry was modified slightly.
Please note: There is no requirement for organisations to be compliant with every monthly update to the Australian Government Information Security Manual (ISM). Instead, organisations are encouraged to review the security risks for their systems (using the latest version of the ISM available at the time) based on a frequency suitable for their business requirements and in accordance with their corporate risk management framework. Further information on applying the ISM can be found in the Using the Australian Government Information Security Manual chapter.