You can search for keywords to find pages that can help you e.g. scam
Contact us
Portal login
back to main menu
Learn about who we are and what we do.
Interactive tools and advice to boost your online safety.
Advice and information about how to protect yourself online.
Common online security risks and advice on what you can do to protect yourself.
Respond to cyber threats and take steps to protect yourself from further harm.
Resources for business and government agencies on cyber security.
Displaying search results for Displaying 1 - 30 of 250 results.
Guidelines for gateways Advice
Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on gateways.
Essential Eight assessment process guide Publication
Oct 2, 2024 - This publication provides advice on how to assess the implementation of the Essential Eight.
IRAP assessment feedback form Service
Feb 1, 2021 - IRAP Assessment feedback form for IRAP assessments
Essential Eight Assessment Course News
Jul 4, 2023 - Today, the Australian Signals Directorate has launched the Essential Eight Assessment Course pilot in collaboration with TAFEcyber.
Cloud assessment and authorisation FAQ Publication
Jan 18, 2024 - This publication provides answers to frequently asked questions on the Australian Signals Directorate (ASD)’s assessment and authorisation framework for cloud service providers (CSPs) and their cloud services.
Essential Eight Assessment Course Program page
Jul 3, 2023 - The Essential Eight Assessment Course will help you understand the intent and application of the Essential Eight, learn to use ASD designed tools, and accurately test the implementation of the Essential Eight.
Cloud assessment and authorisation Publication
Jan 18, 2024 - This publication is co-designed with industry to support the secure adoption of cloud services across government and industry.
Essential Eight Assessment Guidance Package News
Nov 23, 2022 - The Australian Signals Directorate has published updated guidance to help ensure consistent Essential Eight assessment across government and industry.
Critical vulnerabilities in Citrix Netscaler ADC and NetScaler Gateway Products Alert
Jul 4, 2025 - The ASD's ACSC is aware of critical vulnerabilities in Citrix Netscaler ADC and NetScaler Gateway Products (CVE-2025-5349, CVE-2025-5777).
Critical vulnerability in Pulse/Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457) Alert
Apr 4, 2025 - Ivanti have released information regarding active exploitation of a critical vulnerability in Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457). ASD’s ACSC recommends customers follow the advice contained in Ivanti’s Security Advisory and assess their environments for malicious activity.
Critical vulnerabilities in Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways Alert
Jan 9, 2025 - Ivanti has identified critical vulnerabilities affecting Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways. Customers should update to available patched versions immediately and monitor Ivanti’s Security Advisory for further advice.
Gateway security guidance package: Gateway security principles Publication
Jul 29, 2022 - Guidance written for audiences responsible for the procurement, operation and management of gateways.
Gateway security guidance package: Gateway operations and management Publication
Jul 29, 2022 - This guidance is one part of a package of documents that forms the Australian Signals Directorate (ASD)’s Gateway security guidance package written for audiences responsible for the operation and management of gateways.
Gateway security guidance package: Gateway technology guides Publication
Jul 29, 2022 - This guidance is one part of a package of documents that forms the Gateway security guidance package. When designing, procuring, operating, maintaining or disposing of a gateway, it is important to consider all the documents from the Gateway security guidance package at different stages of governance, design and implementation, and not to consume this guidance in isolation.
Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways Advisory
Feb 28, 2024 - The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC), and the UK’s National Cyber Security Centre (NCSC), are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-46805, CVE-2024-21887, CVE-2024-22024, and CVE-2024-21893—multiple vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure gateways.
Joint statement - Digital Transformation Agency and Australian Signals Directorate - Secure Internet Gateways update News
Nov 1, 2021 - The Australian Government is further strengthening the ICT systems of Government entities by enhancing its Secure Internet Gateway (SIG) policy and through the Cyber Hubs initiative. The Digital Transformation Agency (DTA) is working on these initiatives with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC).
Gateway hardening Guidance
Jul 29, 2022 - This page lists publications on the hardening of gateway services.
Gateway security guidance package: Overview Publication
Jul 29, 2022 - This page provides an overview of ASD’s Gateway security guidance package.
Gateway security guidance package: Executive guidance Publication
Jul 29, 2022 - The purpose of this guidance is to inform decision-makers at the executive level of their responsibilities, the appropriate considerations needed to make informed risk-based decisions, and to meet policy obligations when leading the design or consumption of their organisation’s gateway services.
Citrix Products NetScaler ADC and NetScaler Gateway Vulnerabilities Alert
Nov 29, 2023 - A malicious actor can exploit the vulnerability to execute code remotely without authentication. Organisations using Citrix products NetScaler ADC and NetScaler Gateway, possibly including Government and medium to large organisations. Ensure the latest release of NetScaler ADC and NetScaler Gateway have been installed.
Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway products Alert
Jan 18, 2024 - ASD’s ACSC is aware of multiple vulnerabilities (CVE-2023-6548 and CVE-2023-6549) in Citrix NetScaler products (NetScaler ADC and NetScaler Gateway). Organisations are strongly encouraged to take immediate action to ensure affected instances are patched.
OS Command Injection Vulnerability in GlobalProtect Gateway Alert
May 3, 2024 - ASD’s ACSC is aware of a vulnerability (CVE-2024-3400) that enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
CVE-2024-24919 - Check Point Security Gateway Information Disclosure Alert
May 31, 2024 - The ASD’s ACSC is aware of CVE-2024-24919 that enables access of sensitive information to an unauthorised actor.
Critical vulnerabilities in Citrix Gateway and Application Delivery Controller (ADC) devices Alert
Dec 14, 2022 - The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) is aware of a critical vulnerability affecting many versions of Citrix Gateway and ADC. All Australian operators should check for indicators of compromise and install the latest updated versions.
2020-001-4: Remediation for critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway Advisory
Jan 13, 2020 - On 19 January 2020, Citrix released patches for two versions of the Citrix Application Delivery Controller (ADC) and Citrix Gateway appliances. Citrix expects to have patches available across all supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP before the end of January 2020.
Barracuda Email Security Gateway (ESG) malicious activity – additional Indicators of Compromise released Alert
Dec 25, 2023 - Update: ASD's ACSC is aware of active exploitation of a third party library, Spreadsheet::ParseExcel, leading to potential Arbitrary Code Execution in Barracuda ESG appliances (CVE-2023-7101 and CVE-2023-7102).
Active exploitation of critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway Alert
Jan 13, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of ongoing attempts to exploit a critical vulnerability in Citrix Application Delivery Controller (ADC) (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP.
Infosec Registered Assessors Program (IRAP) Program page
Aug 15, 2024 - The Infosec Registered Assessors Program (IRAP) ensures entities can access high-quality security assessment services.
Guidelines for procurement and outsourcing Advice
Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on procurement and outsourcing activities.
Australian Information Security Evaluation Program (AISEP) Program page
Jul 2, 2025 - The Australian Information Security Evaluation Program (AISEP) evaluates and certifies products to provide a level of assurance in its security functionality in order to protect systems and data against cyberthreats. These evaluation activities are certified by the Australian Certification Authority (ACA).
