Search

Guidelines for communications systems   Advice

Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on communications systems.

Secure administration   Publication

Oct 6, 2021 - Privileged access allows administrators to perform their duties, and is often seen as the ‘keys to the kingdom’. This publication provides guidance on how to implement secure administration techniques as part of the management of privileged access.

Gateway security guidance package: Gateway operations and management   Publication

Jul 29, 2025 - This guidance is one part of a package of documents that forms the Australian Signals Directorate (ASD)’s Gateway security guidance package written for audiences responsible for the operation and management of gateways.

Guidelines for software development   Advice

Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on software development.

Gateway security guidance package: Overview   Publication

Jul 29, 2025 - This page provides an overview of ASD’s Gateway security guidance package.

Publications  

Nov 3, 2022 - Find the latest cyber security publications.

Mitigation strategies for edge devices: Executive guidance   Publication

Feb 4, 2025 - This publication provides a high-level summary of ASD’s existing guidance to manage and secure edge devices effectively. It is intended for executives in large organisations and critical infrastructure providers that are responsible for the deployment, operation, security, and maintenance of enterprise networks. ASD is soon to release a comprehensive technical publication on mitigation strategies for edge devices for practitioners.

Identifying and Mitigating Living Off the Land Techniques   Advisory

Feb 8, 2024 - This Guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and the following agencies (hereafter referred to as the authoring agencies), provides information on common living off the land (LOTL) techniques and common gaps in cyber defense capabilities.

Cybercriminals targeting construction companies to conduct email scams   Alert

Jul 6, 2021 - Cybercriminals are targeting construction companies to conduct business email compromise scams. All parties to construction projects should be vigilant when emailing about invoices and bank details.

Property-related business email compromise scams rising in Australia   Alert

Aug 30, 2021 - Cybercriminals are targeting the property and real estate sector to conduct business email compromise scams. All parties involved in the buying, selling and leasing of property should be vigilant when communicating via email, particularly during settlement periods.

Protecting against business email compromise   Publication

Oct 6, 2021 - Business email compromise is when malicious actors use email to abuse trust in business processes to scam organisations out of money or goods. Malicious actors can impersonate business representatives using similar names, domains or fraudulent logos as a legitimate organisation or by using compromised email accounts and pretending to be a trusted co-worker.

Essential Eight maturity model changes   Publication

Nov 27, 2023 - This publication provides an overview of the changes for the November 2023 release.

Security considerations for edge devices   Publication

Feb 5, 2025 - Edge devices are an important part of many enterprise computing systems. They allow connection across various devices that aid in productivity. However, just like with all technology they are not without their vulnerabilities. Edge devices require attention and diligence to keep data safe and secure.

New guidance on detecting and mitigating Active Directory compromises   News

Sep 26, 2024 - Does your organisation use Microsoft’s Active Directory? Read our latest guidance on Active Directory compromises now.

Gateway security guidance package: Gateway technology guides   Publication

Jul 29, 2025 - This guidance is one part of a package of documents that forms the gateway security guidance package. When designing, procuring, operating, maintaining or disposing of a gateway, it is important to consider all the documents from the gateway security guidance package at different stages of governance, design and implementation, and not to consume this guidance in isolation.

Creating Strong Passphrases   Guidance

Oct 6, 2021 - The longer your passphrase, the better. As adversaries can crack a short password with very little effort or time, you can increase the time and effort it takes by using a passphrase instead.

Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System   Advisory

Aug 28, 2025 - This joint cyber security advisory gives vital insights on People’s Republic of China (PRC) state-sponsored cyber threat actors, how they gain and maintain persistent access, and the capabilities they have. It provides threat hunting guidance and mitigation strategies to help safeguard your networks.

Shifting the balance of cybersecurity risk   Publication

Oct 17, 2023 - The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and the following international partners provide the recommendations in this guide as a roadmap for technology manufacturers to ensure security of their products.

People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection   Advisory

May 25, 2023 - The People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection joint advisory provides examples of the cyber actor’s commands, along with detection signatures to aid network defenders in hunting for this activity.

Essential Eight maturity model   Publication

Nov 27, 2023 - This publication provides advice on how to implement the Essential Eight.

Small business cloud security guides: Executive overview   Publication

Dec 16, 2022 - In recognition of the increasing prevalence of cloud computing, the Australian Cyber Security Centre (ACSC) has published the Small business cloud security guides. These guides are designed to provide protection against cybersecurity incidents while remaining accessible to organisations which may not have the resources and expertise to implement a more sophisticated strategy.

Guidelines for gateways   Advice

Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on gateways.

Implementing application control   Publication

Nov 27, 2023 - Application control is one of the most effective mitigation strategies in ensuring the security of systems. As such, application control forms part of the Essential Eight from the Strategies to mitigate cybersecurity incidents. This publication provides guidance on what application control is, what application control is not, and how to implement application control.

Essential Eight maturity model and ISM mapping   Publication

Oct 2, 2024 - This publication provides a mapping between the Essential Eight and the controls within the Information security manual (ISM).

Guidelines for email   Advice

Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on email.

Essential Eight assessment process guide   Publication

Oct 2, 2024 - This publication provides advice on how to assess the implementation of the Essential Eight.

Cyber security is essential when preparing for COVID-19   Advisory

Mar 13, 2020 - In light of the COVID-19 pandemic, organisations are developing strategies to protect staff and vulnerable members of our community.

End of support for Microsoft Windows and Microsoft Windows server   Publication

Sep 4, 2025 - Support for Microsoft Windows and Microsoft Windows Server users following the expiration of the specified servicing timeline.

Domain Name System security for domain owners   Publication

Oct 6, 2021 - This publication provides information on DNS security for domain owners. It also shared helpful strategies to reduce the risk of domain misuse.

Secure your NAS device   Guidance

Nov 29, 2024 - Protect your network-attached storage (NAS) device and the important data it holds with this guide.