Search

Fundamentals of Cross Domain Solutions   Publication

Oct 6, 2021 - This publication introduces technical and non-technical audiences to cross domain security principles for securely connecting security domains.

Principles of operational technology cyber security   Publication

Oct 2, 2024 - Critical infrastructure organisations provide vital services, including supplying clean water, energy, and transportation, to the public. These organisations rely on operational technology (OT) to control and manage the physical equipment and processes that provide these critical services. As such, the continuity of vital services relies on critical infrastructure organisations ensuring the cybersecurity and safety of their OT.

Cloud computing security for executives   Publication

Jan 18, 2024 - This publication is designed to provide executives from organisations looking to utilise cloud computing services an overview of the components that make up ‘cloud’ and help understand the security risks to be considered when using cloud computing.

Gateway security guidance package: Gateway security principles   Publication

Jul 29, 2025 - Guidance written for audiences responsible for the procurement, operation and management of gateways.

Small business cloud security guides: Executive overview   Publication

Dec 16, 2022 - In recognition of the increasing prevalence of cloud computing, the Australian Cyber Security Centre (ACSC) has published the Small business cloud security guides. These guides are designed to provide protection against cybersecurity incidents while remaining accessible to organisations which may not have the resources and expertise to implement a more sophisticated strategy.

AGM & Conference 2025  

Jul 9, 2025 - The 2025 APCERT AGM & Conference will be held on 25-27 November in Sydney, Australia—hosted by the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC).

Quiz library   Guidance

Test your knowledge about cyber security practices and threats through our quizzes.

Gateway security guidance package: Executive guidance   Publication

Jul 29, 2025 - The purpose of this guidance is to inform decision-makers at the executive level of their responsibilities, the appropriate considerations needed to make informed risk-based decisions, and to meet policy obligations when leading the design or consumption of their organisation’s gateway services.

Domain Name System security for domain resolvers   Publication

Oct 6, 2021 - This publication explores DNS security for recursive resolution servers. It also shares helpful strategies to reduce the risk of DNS resolver subversion or compromise.

Log4j: What Boards and Directors Need to Know   Advisory

Jan 7, 2022 - Log4j is a software library used as a building block found in a wide variety of Java applications. The Log4j vulnerability – otherwise known as Log4Shell – is trivial to exploit, and represents a significant business continuity risk. This publication outlines what Boards and Directors need to know in order to protect their businesses.

IRAP training partnership   News

Feb 23, 2021 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is partnering with organisations in South Australia and the ACT to deliver cyber security assessment training services for Australian business and organisations.

Cyber incident management arrangements for Australian governments   Publication

Sep 18, 2023 - The CIMA provides Australian governments with guidance on how they will collaborate in response to, and reduce the harm associated with, national cyber incidents.

Artificial intelligence  

Apr 12, 2024 - This page lists publications on the governance and use of artificial intelligence.

Alerts and advisories  

Jan 30, 2023 - Find the latest in cybersecurity alerts and advisories

Vulnerability Alert – 2 new Vulnerabilities associated with Microsoft Exchange.   Alert

Oct 10, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of 2 zero day vulnerabilities associated with Microsoft Exchange Servers 2013, 2016 and 2019 (Exchange).

Cyber security incident response  

Apr 12, 2024 - This page lists publications on preparing for and responding to cyber security incidents.

Introduction to Cross Domain Solutions   Publication

Oct 6, 2021 - This publication introduces technical and non-technical audiences to the concept of a Cross Domain Solution (CDS), a type of security capability that is used to connect discrete systems within separate security domains in an assured manner.

Multiple vulnerabilities present in VMware products   Alert

Aug 4, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of multiple vulnerabilities in VMware products. Affected Australian organisations should take appropriate action.

Ransomware targeting Australian aged care and healthcare sectors   Alert

Aug 2, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of increased targeting of healthcare, including hospitals and aged care, by ransomware campaigns undertaken by cyber criminals.

Gateway security guidance package: Gateway operations and management   Publication

Jul 29, 2025 - This guidance is one part of a package of documents that forms the Australian Signals Directorate (ASD)’s Gateway security guidance package written for audiences responsible for the operation and management of gateways.

Implementing SIEM and SOAR platforms: Practitioner guidance   Publication

May 27, 2025 - This publication provides high-level guidance for cyber security practitioners on Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms.

Domain Name System security for domain owners   Publication

Oct 6, 2021 - This publication provides information on DNS security for domain owners. It also shared helpful strategies to reduce the risk of domain misuse.

FortiOS & FortiProxy - Authentication bypass in Node.js websocket module vulnerability   Alert

Jan 15, 2025 - Fortinet has released information regarding an identified vulnerability in FortiOS version 7.0 and FortiProxy versions 7.0 and 7.2 instances. ASD’s ACSC recommends customers follow the advice contained in Fortinet’s notification.

System hardening  

Dec 2, 2020 - This page lists publications on the hardening of applications and IT equipment.

System administration  

Dec 3, 2020 - This page lists publications on securely administering systems.

Multiple vulnerabilities present in F5 products   Alert

May 9, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a F5 Security Advisory Addressing Multiple Vulnerabilities in their BIG-IP Product Range. Affected Australian organisations should take appropriate action.

Critical Vulnerability affecting Fortinet’s FortiClientEMS   Alert

Mar 22, 2024 - ASD’s ACSC is aware of a critical vulnerability (CVE-2023-48788) affecting Fortinet’s FortiClientEMS. Organisations are strongly encouraged to take immediate action to ensure affected instances are patched and investigate for potential compromise.

The Commonwealth Cyber Security Posture in 2022   Reports and statistics

Dec 16, 2022 - The Commonwealth Cyber Security Posture in 2022 (the report) informs Parliament on the implementation of cybersecurity measures across the Commonwealth government, for the period January 2021 to June 2022. As of June 2022, the Commonwealth comprised 97 non-corporate Commonwealth entities (NCCEs), 71 corporate Commonwealth entities (CCEs) and 17 Commonwealth companies (CCs).

2020-011: Critical Vulnerability in SAP NetWeaver Application Server (CVE-2020-6287)   Advisory

Jul 14, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends users of these products urgently apply available security patches to prevent an adversary from exploiting this vulnerability.

Network hardening  

Apr 11, 2023 - This page lists publications on the hardening of network infrastructure.