Search

An introduction to securing smart places   Publication

Nov 21, 2022 - Smart places, also known as smart cities, are places designed to provide enhanced services to citizens using a collection of smart information technology (IT)-enabled systems and devices that capture, communicate and analyse data. To achieve this purpose, previously discrete technologies and systems are interconnected to allow for large-scale coordination, real-time decision making, and increased visibility and situational awareness of the smart place’s status.

Personal cyber security: Next steps guide   Guidance

Jun 16, 2023 - The second of three cyber security guides in the personal cyber security series is designed to help everyday Australians understand a moderate level of cyber security and how to take action to protect themselves from cyber threats.

Cybersecurity Best Practices for Smart Cities   Publication

Apr 20, 2023 - This guidance is the result of a collaborative effort from the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the Canadian Centre for Cyber Security (CCCS), and the New Zealand National Cyber Security Centre (NCSC-NZ).

Cyber threat actors compromising networks of major global telecommunications providers    News

Dec 4, 2024 - New guidance is available for network defenders of communications infrastructure to strengthen visibility and harden devices against PRC-affiliated and other malicious cyber actors.

Guidelines for information technology equipment   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on information technology equipment.

How to manage your security when engaging a managed service provider   Publication

Oct 6, 2021 - Understand the actions organisations can take to manage the security risks posed by engaging and authorising network access for managed service providers.

PRC State-Sponsored Cyber Activity   Advisory

Mar 20, 2024 - This fact sheet provides an overview for executive leaders on the urgent risk posed by People’s Republic of
China (PRC) state-sponsored cyber actors known as "Volt Typhoon."

Implementing certificates, TLS, HTTPS and opportunistic TLS   Publication

Oct 6, 2021 - Transport Layer Security (TLS) is a widely used encryption protocol which enables parties to communicate securely over the internet. Through the use of certificates and Public Key Infrastructure (PKI), parties can identify each other through a trusted intermediary and establish encrypted tunnels for the secure transfer of information.

#StopRansomware: Play ransomware   Advisory

Jun 5, 2025 - This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.

Gateway security guidance package: Gateway security principles   Publication

Jul 29, 2022 - Guidance written for audiences responsible for the procurement, operation and management of gateways.

Do you purchase technology for your organisation?   News

Dec 5, 2024 - Updated guidance and new guidance for executives now available for Choosing secure and verifiable technologies.

Mergers, acquisitions and Machinery of Government changes   Publication

Jun 10, 2022 - This publication provides guidance on strategies that organisations can apply during mergers, acquisitions and Machinery of Government changes.

Small Business Cloud Security Guides: Technical Example - Restrict Administrative Privileges   Publication

Dec 16, 2022 - Privileged account credentials are prized by cybercriminals because they provide extensive access to high value assets within a network. Restricting privileged access to only users with a demonstrated business need is essential to protecting your environment.

Cloud assessment and authorisation   Publication

Jan 18, 2024 - This publication is co-designed with industry to support the secure adoption of cloud services across government and industry.

New Secure-by-Design publication released in collaboration with international partners   News

May 15, 2024 - Today, the Australian Signals Directorate has released a new Secure-by-Design advisory, Choosing Secure and Verifiable Technologies, developed and co-sealed with our Five Eyes partners.

Secure your social media   Guidance

Jul 29, 2024 - Keep your social media secure by using these tips. Learn how to protect your accounts, privacy and information.

The Case for Memory Safe Roadmaps – Joint Cyber Security Guide   News

Dec 7, 2023 - In partnership with our international partners we released a joint cyber security guidance on Secure-by-Design memory safe roadmaps.

Log4j: What Boards and Directors Need to Know   Advisory

Jan 7, 2022 - Log4j is a software library used as a building block found in a wide variety of Java applications. The Log4j vulnerability – otherwise known as Log4Shell – is trivial to exploit, and represents a significant business continuity risk. This publication outlines what Boards and Directors need to know in order to protect their businesses.

Managed service providers: How to manage risk to customer networks   Publication

Oct 6, 2021 - There are several mitigation strategies that managed service providers can implement to protect their own networks and manage the security risks posed to their customers’ networks.

Incident response  

Apr 12, 2024 - This page lists publications on preparing for and responding to cybersecurity incidents.

Small Business Cloud Security Guides: Technical Example - User Application Hardening   Publication

Dec 16, 2022 - User application hardening protects an organisation from a range of threats including malicious websites, advertisements running malicious scripts and exploitation of vulnerabilities in unsupported software. These attacks often take legitimate application functionality and use it for malicious purposes. User application hardening makes it harder for cybercriminals to exploit vulnerabilities or at-risk functionality in your organisation’s applications.

Increased Global Ransomware Threats   Alert

Feb 10, 2022 - In 2021, cybersecurity authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally.

Cyber Security Awareness Month 2023   News

Sep 25, 2023 - October is Cyber Security Awareness Month, a time for all Australians to improve their cyber security knowledge and take action to protect their information and devices.

Network hardening  

Apr 11, 2023 - This page lists publications on the hardening of network infrastructure.

Security configuration guide: Apple iOS 14 devices   Publication

Oct 6, 2021 - ASD has developed this guide to assist Australians to understand risks when deploying iOS 14 devices and the security requirements that need to be met to allow them to handle classified data.

Security configuration guide: Viasat Mobile Dynamic Defense   Publication

Oct 6, 2021 - ASD has developed this guide to assist Australian’s to understand risks when deploying Viasat MDD devices and the security requirements that need to be met to allow them to handle classified data.

ASD's ACSC Annual Cyber Threat Report, July 2019 to June 2020   Reports and statistics

Sep 3, 2020 - This report has been jointly produced by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the ACIC and the AFP, and is the first unclassified annual threat report since the ASD's ACSC became part of the ASD in July 2018. The report identifies and describes key cyber security threats targeting Australian systems and networks, and provides a range of examples and real-world case studies of malicious activity targeting Australian networks, between July 2019 and June 2020. It provides mitigation advice that all Australians and organisations can take to defend against these threats.

High Assurance Evaluation Program   Program page

Aug 18, 2022 - The Australian Signals Directorate’s High Assurance Evaluation Program involves rigorous analysis and testing to search for any security vulnerabilities in products.

An introduction to artificial intelligence   Publication

Nov 24, 2023 - Artificial intelligence (AI) is an emerging technology that will play an increasingly influential role in the everyday life of Australians.

The Commonwealth Cyber Security Posture in 2022   Reports and statistics

Dec 16, 2022 - The Commonwealth Cyber Security Posture in 2022 (the report) informs Parliament on the implementation of cybersecurity measures across the Commonwealth government, for the period January 2021 to June 2022. As of June 2022, the Commonwealth comprised 97 non-corporate Commonwealth entities (NCCEs), 71 corporate Commonwealth entities (CCEs) and 17 Commonwealth companies (CCs).