Search

ISM OSCAL v2023.09.21  

Sep 21, 2023 - ISM OSCAL v2023.09.21 - based on September 2023 Information Security Manual (ISM) and OSCAL version 1.1.0.

ISM OSCAL v2023.06.29  

Jun 29, 2023 - ISM OSCAL v2023.06.29 - based on June 2023 Information Security Manual (ISM) and OSCAL version 1.0.4.

Infosec Registered Assessors Program (IRAP)   Program

Nov 17, 2025 - The Infosec Registered Assessors Program (IRAP) ensures entities can access high-quality security assessment services.

Strategies to mitigate cybersecurity incidents: Mitigation details   Publication

Feb 1, 2017 - The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help cybersecurity professionals in all organisations mitigate cybersecurity incidents caused by various cyberthreats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.

ISM OSCAL v2022.09.14  

ISM OSCAL v2022.09.14 - based on June 2022 Information Security Manual (ISM) and OSCAL version 1.0.4.

ISM OSCAL v2022.09.15  

ISM OSCAL v2022.09.15 - based on September 2022 Information Security Manual (ISM) and OSCAL version 1.0.4.

PRC state-sponsored actors compromise and maintain persistent access to U.S. critical infrastructure   Advisory

Feb 8, 2024 - The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.

Risk management of enterprise mobility (including Bring Your Own Device)   Publication

Oct 6, 2021 - This publication has been developed to provide senior business representatives with a list of enterprise mobility considerations. These include business cases, regulatory obligations and legislation, available budget and personnel resources, and risk tolerance. Additionally, risk management controls are provided for cybersecurity practitioners.

ISM OSCAL v2025.10.8  

Oct 8, 2025 - ISM OSCAL v2024.10.8 - based on June 2025 Information Security Manual (ISM) and OSCAL version 1.1.2. A patch release that supersedes v2025.09.15.

ISM OSCAL v2025.09.15  

Sep 15, 2025 - ISM OSCAL v2024.09.15 - based on June 2025 Information Security Manual (ISM) and OSCAL version 1.1.2. A patch release that supersedes v2025.09.10.

ISM OSCAL v2023.04.12  

Apr 12, 2023 - ISM OSCAL v2023.04.12 - based on March 2023 Information Security Manual (ISM) and OSCAL version 1.0.4. A release that supersedes v2023.03.5.

Hardening Microsoft Windows 10 workstations   Publication

Sep 4, 2025 - This publication provides recommendations on hardening workstations using Enterprise and Education editions of Microsoft Windows 10. While this publication refers to workstations, most recommendations are equally applicable to servers (with the exception of Domain Controllers) using Microsoft Windows Server. Security features discussed in this publication, along with the names and locations of Group Policy settings, are taken from Microsoft Windows 10 version 22H2.

Managing cryptographic keys and secrets   Publication

Aug 26, 2025 - This guide has been developed to help organisational personnel in understanding the threat environment and the value of implementing secure keys and secrets management to make better informed decisions.

ISM OSCAL v2023.03.5  

ISM OSCAL v2023.03.5 - based on March 2023 Information Security Manual (ISM) and OSCAL version 1.0.4. A patch release that supersedes v2023.03.3.

Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations   Advisory

Sep 15, 2022 - The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) has joined with international cyber security agency partners to co-author an advisory on continued Iranian state-sponsored cyber threats. Organisations are encouraged to apply the recommended mitigations to protect themselves online.

Secure your Apple macOS device   Guidance

Nov 29, 2024 - Your Apple macOS device often holds your most important data. Use these simple steps to protect your device from cyberattacks.

Microsoft Exchange Server security best practices   Publication

Oct 31, 2025 - This paper—authored by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), and Canadian Centre for Cyber Security (Cyber Centre)—provides security best practices for administrators on hardening on-premises (on-prem) Exchange.

ISM OSCAL v2024.10.4  

Oct 4, 2024 - ISM OSCAL v2024.10.4 - based on the October patch release of the September 2024 Information Security Manual (ISM) and OSCAL version 1.1.2. A patch release that supersedes v2024.09.26.

Creating and maintaining a definitive view of your operational technology architecture   Publication

Oct 28, 2025 - How organisations who deploy or operate operational technology systems should build, maintain and store their systems understanding.

Implementing SIEM and SOAR platforms: Practitioner guidance   Publication

May 27, 2025 - This publication provides high-level guidance for cyber security practitioners on Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms.