Search

Guidelines for email   Advice

Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on email.

Cloud computing security for cloud service providers   Publication

Jan 18, 2024 - This publication is designed to assist cloud service providers (CSPs) in offering secure cloud services. It can also assist assessors in validating the security posture of a cloud service, which is often verified through an Infosec Registered Assessors Program (IRAP) assessment of the CSP services.

Detecting and mitigating Active Directory compromises   Publication

Jan 22, 2025 - This publication provides an overview of techniques used to compromise Active Directory, and recommended strategies to mitigate these techniques. By implementing the recommendations in this publication, organisations can significantly improve their Active Directory security, and therefore their overall network security posture.

Guidelines for gateways   Advice

Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on gateways.

PRC state-sponsored actors compromise and maintain persistent access to U.S. critical infrastructure   Advisory

Feb 8, 2024 - The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.

Fundamentals of Cross Domain Solutions   Publication

Oct 6, 2021 - This publication introduces technical and non-technical audiences to cross domain security principles for securely connecting security domains.

Essential Eight  

Nov 27, 2023 - While no set of mitigation strategies are guaranteed to protect against all cyberthreats, organisations are recommended to implement eight essential mitigation strategies from the Strategies to mitigate cybersecurity incidents  as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.

Best practices for event logging and threat detection   News

Aug 22, 2024 - Today we have released new event logging guidance, alongside our international partners, that defines the baseline for logging best practices to mitigate malicious cyber threats.

Microsoft introduces Exchange Emergency Mitigation service   News

Oct 1, 2021 - Microsoft has launched a new optional protection for Microsoft Exchange servers.

How to protect yourself from malware   Guidance

Nov 10, 2023 - Malware (short for 'malicious software') is software that cybercriminals use to harm your computer system or network. Cybercriminals can use malware to gain access to your computer without you knowing, in targeted or broad-based attacks.

End of support for Microsoft Windows and Microsoft Windows server   Publication

Sep 4, 2025 - Support for Microsoft Windows and Microsoft Windows Server users following the expiration of the specified servicing timeline.

Security configuration guide: Samsung Galaxy S10, S20 and Note 20 devices   Publication

Oct 6, 2021 - ASD has developed this guide to assist Australian’s to understand risks when deploying Samsung Galaxy and Samsung Note devices and the security requirements that need to be met to allow them to handle classified data.

Modern defensible architecture for senior decision-makers   Publication

Oct 23, 2025 - ASD’s ACSC and the following international partners present this guidance to assist senior decision-makers to understand the contemporary threat landscape and how modern defensible architecture can support organisations to defend against current threats and prepare for future threats.

Gateway security guidance package: Executive guidance   Publication

Jul 29, 2025 - The purpose of this guidance is to inform decision-makers at the executive level of their responsibilities, the appropriate considerations needed to make informed risk-based decisions, and to meet policy obligations when leading the design or consumption of their organisation’s gateway services.

Multiple key vulnerabilities identified in Microsoft products   Alert

Oct 13, 2021 - Multiple key vulnerabilities were identified in Microsoft’s 12 October 2021 patch release. While all vulnerabilities addressed in this release are important to mitigate the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) wishes to highlight several vulnerabilities for priority consideration.

Technical example: Application control   Publication

Dec 16, 2022 - Application control restricts the ability of an application to run or install on a device. Application control makes it harder for users to intentionally or unintentionally install unwanted or malicious software.

Technical example: Multi-factor authentication   Publication

Dec 16, 2022 - Multi-factor authentication (MFA) makes it harder for adversaries to use compromised user credentials to access an organisation’s systems. It is one of the most important cybersecurity measures an organisation can implement.

Secure your Wi-Fi and router   Guidance

Oct 29, 2024 - How to make your software, devices and networks harder to access and more resilient to attack.

Cybersecurity guidelines  

Jun 13, 2024 - Practical guidance on how an organisation can protect their information technology and operational technology systems, applications and data from cyberthreats.

Essential Eight Assessment Guidance Package   News

Nov 23, 2022 - The Australian Signals Directorate has published updated guidance to help ensure consistent Essential Eight assessment across government and industry.