The Australian Signals Directorate (ASD) provides the Information Security Manual (ISM) in the Open Security Controls Assessment Language (OSCAL), a standardised machine-readable format developed by the United States’ National Institute of Standards and Technology (NIST). ISM OSCAL allows the ISM to be consumed by tooling and incorporated into organisations’ governance, risk and compliance (GRC) processes. For example, organisations could programmatically ingest ISM releases into internal systems and track them in line with their GRC processes. NIST publishes several OSCAL learning resources to help organisations understand the concepts behind OSCAL and its use.

The ISM is provided as an OSCAL catalog, using OSCAL props for attributes unique to the ISM. ASD also provides illustrative OSCAL profiles and OSCAL resolved profile catalogs for each ISM control’s applicability (ALL, OFFICIAL: Sensitive, PROTECTED, SECRET, TOP SECRET), as well as for Essential Eight Maturity Level One (ML1), Maturity Level Two (ML2) and Maturity Level Three (ML3). Importantly, to enable greater flexibility for consumers, and to align with the ISM’s non-machine-readable documents, the information used to inform these profiles is also included in the source ISM catalog.
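Because the source catalog carries the information behind the profiles, a consumer can derive its own selection from the props. The following is an added example, not ASD's code: it walks a catalog's nested groups and controls and builds a profile import for the matching control ids. The sample catalog, the prop names `applicability` and `essential-eight-applicability`, and their values are assumptions.

```python
import json
import sys

# Constructed sample in OSCAL catalog shape. Control ids, the prop names
# "applicability" and "essential-eight-applicability", and their values are
# assumptions; check them against the props in the release you ingest.
SAMPLE = {"catalog": {
    "uuid": "00000000-0000-4000-8000-000000000000",
    "metadata": {"title": "Constructed sample", "oscal-version": "1.1.2"},
    "groups": [
        {"id": "g1", "title": "Guideline", "groups": [
            {"id": "g1-1", "title": "Topic", "controls": [
                {"id": "ctl-0001", "title": "Sample control A", "props": [
                    {"name": "applicability", "value": "PROTECTED"},
                    {"name": "applicability", "value": "SECRET"},
                    {"name": "essential-eight-applicability", "value": "ML2"}]},
                {"id": "ctl-0002", "title": "Sample control B", "props": [
                    {"name": "applicability", "value": "SECRET"}]}]}]},
        {"id": "g2", "title": "Guideline", "controls": [
            {"id": "ctl-0003", "title": "Sample control C", "props": [
                {"name": "applicability", "value": "PROTECTED"}],
             "controls": [
                {"id": "ctl-0003.1", "title": "Sample enhancement", "props": [
                    {"name": "applicability", "value": "PROTECTED"},
                    {"name": "essential-eight-applicability", "value": "ML2"}]}]}]}]}}

def iter_controls(node):
    """Yield every control below a catalog, group or control, depth first."""
    for control in node.get("controls", []):
        yield control
        yield from iter_controls(control)  # controls may contain controls
    for group in node.get("groups", []):
        yield from iter_controls(group)    # groups may contain groups

def select_ids(doc, prop_name, prop_value):
    """Ids of controls carrying at least one prop with this name and value."""
    return sorted(
        c["id"] for c in iter_controls(doc["catalog"])
        if any(p.get("name") == prop_name and p.get("value") == prop_value
               for p in c.get("props", [])))

def profile_import(catalog_href, ids):
    """One entry for an OSCAL profile's "imports" list selecting these ids."""
    return {"href": catalog_href, "include-controls": [{"with-ids": ids}]}

if __name__ == "__main__":
    # Pass the path of a catalog JSON file, or run with no argument for SAMPLE.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    ids = select_ids(doc, "essential-eight-applicability", "ML2")
    print(json.dumps(profile_import("catalog.json", ids), indent=2))
```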

ASD welcomes feedback regarding ISM OSCAL. If you would like to provide any feedback or insights about your usage, or have enquiries regarding ISM OSCAL, please complete the ISM Feedback Form. Feedback pertaining to the broader use of OSCAL (including the OSCAL specification) should be directed to the OSCAL community or NIST’s OSCAL team.

ISM OSCAL v2024.03.12 - based on March 2024 Information Security Manual (ISM) and OSCAL version 1.1.2.

ISM OSCAL v2024.03.5 - based on March 2024 Information Security Manual (ISM) and OSCAL version 1.1.1.

ISM OSCAL v2023.12.1 - based on December 2023 Information Security Manual (ISM) and OSCAL version 1.1.1.

ISM OSCAL v2023.09.25 - based on September 2023 Information Security Manual (ISM) and OSCAL version 1.1.1.

ISM OSCAL v2023.09.21 - based on September 2023 Information Security Manual (ISM) and OSCAL version 1.1.0.

ISM OSCAL v2023.08.3 - based on June 2023 Information Security Manual (ISM) and OSCAL version 1.1.0.

ISM OSCAL v2023.06.29 - based on June 2023 Information Security Manual (ISM) and OSCAL version 1.0.4.

ISM OSCAL v2023.04.12 - based on March 2023 Information Security Manual (ISM) and OSCAL version 1.0.4. A release that supersedes v2023.03.5.

ISM OSCAL v2023.03.5 - based on March 2023 Information Security Manual (ISM) and OSCAL version 1.0.4. A patch release that supersedes v2023.03.3.

ISM OSCAL v2023.03.3 - based on March 2023 Information Security Manual (ISM) and OSCAL version 1.0.4.

ISM OSCAL v2022.12.1 - based on December 2022 Information Security Manual (ISM) and OSCAL version 1.0.4.

ISM OSCAL v2022.09.15 - based on September 2022 Information Security Manual (ISM) and OSCAL version 1.0.4.

ISM OSCAL v2022.09.14 - based on June 2022 Information Security Manual (ISM) and OSCAL version 1.0.4.
