Sorry, you need to enable JavaScript to visit this website.
Skip to main content

November 2019 ISM Changes

November 2019 ISM Changes

Using the Australian Government Information Security Manual

Applying a risk-based approach to cyber security

  • Minor amendment to fix broken URLs for protectivesecurity.gov.au.

Guidelines for Outsourcing

Information technology and cloud services

  • Minor amendment to fix broken URL for protectivesecurity.gov.au.
  • Added a reference to the Australian Cyber Security Centre’s new Cyber Supply Chain Risk Management publication.

Guidelines for Physical Security

Facilities and systems

  • Minor amendment to fix broken URL for protectivesecurity.gov.au.

ICT equipment and media

  • Minor amendment to fix broken URL for protectivesecurity.gov.au.

Guidelines for Personnel Security

Access to systems and their resources

  • Minor amendment to fix broken URL for protectivesecurity.gov.au.

Guidelines for Communications Infrastructure

Cable management

  • Minor amendment to fix broken URL for protectivesecurity.gov.au.

Guidelines for ICT Equipment Management

ICT equipment usage

  • Minor amendment to fix broken URL for protectivesecurity.gov.au.

ICT equipment maintenance and repairs

  • Minor amendment to fix broken URL for protectivesecurity.gov.au.

ICT equipment sanitisation and disposal

  • Modification of security control 1223 to articulate a more secure process for sanitising network devices in the absence of ACSC or vendor-specific guidance.
  • Security Control: 1223; Revision: 4; Updated: Nov-19; Applicability: O, P, S, TS
  • Memory in network devices is sanitised using the following processes, in order of preference:
    • following device-specific guidance provided by the ACSC
    • following vendor sanitisation guidance
    • loading a dummy configuration file, performing a factory reset and then reinstalling firmware.

Guidelines for Media Management

Media usage

  • Minor amendment to fix broken URL for protectivesecurity.gov.au.

Guidelines for System Hardening

Authentication hardening

  • Minor amendment to fix broken URL for protectivesecurity.gov.au.

Guidelines for System Management

Daily backup and restoration

  • Minor amendment to fix broken URL for protectivesecurity.gov.au.
  • The reference to the National Archives of Australia’s Administrative Functions Disposal Authority was updated to Administrative Functions Disposal Authority Express Version 2 which became effective from 1 July 2019.

Guidelines for System Monitoring

Event logging and auditing

  • The reference to the National Archives of Australia’s Administrative Functions Disposal Authority was updated to Administrative Functions Disposal Authority Express Version 2 which became effective from 1 July 2019.

Guidelines for Software Development

Web application development

  • Minor amendments to ‘further information’ content.
  • Added a reference to the Australian Cyber Security Centre’s new Implementing Certificates, TLS and HTTPS publication.

Guidelines for Email Management

Email usage

  • Minor amendment to fix broken URL for protectivesecurity.gov.au.

Guidelines for Network Management

Network design and configuration

  • Minor amendment to fix broken URL for protectivesecurity.gov.au.

Guidelines for Using Cryptography

Cryptographic fundamentals

  • Minor amendment to fix broken URL for protectivesecurity.gov.au.

Cryptographic system management

  • Minor amendment to fix broken URL for protectivesecurity.gov.au.
Date
November 6th, 2019