Search

Vulnerability Disclosure Program   News

Nov 23, 2022 - New ACSC publication released to help organisations implement a Vulnerability Disclosure Program.

Critical Infrastructure Uplift Program (CI-UP)   Program page

Apr 16, 2024 - The Critical Infrastructure Uplift Program (CI-UP) offers a range of services that assist critical infrastructure (CI) partners to improve their resilience against cyberattacks.

National Exercise Program   Program page

Jul 12, 2018 - Our National Exercise Program helps critical infrastructure and government organisations validate and strength Australia's nationwide cyber security arrangements.

High Assurance Evaluation Program   Program page

Aug 18, 2022 - The Australian Signals Directorate’s High Assurance Evaluation Program involves rigorous analysis and testing to search for any security vulnerabilities in products.

Emanation Security Program   Program page

Jul 1, 2018 - The Australian Signals Directorate’s Emanation Security Program sets out the requirements for government and organisations to be formally recognised to conduct emanation security practices to national standards.

Information Security Registered Assessor Program (IRAP)   News

Dec 15, 2022 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is further enhancing cyber security assessment and training, improving cyber skills, and creating new cyber careers for Australians through the Information Security Registered Assessor Program (IRAP).

Australian Signals Directorate’s Cyber Security Partnership Program   Program page

The Australian Signals Directorate's Australian Cyber Security Partnership Program enables Australian organisations and individuals to engage with the ASD's ACSC and fellow partners, drawing on collective understanding, experience, skills and capability to lift cyber resilience across the Australian economy.

Juniper SSR software v6.3.1 on Juniper SSR120, SSR130, SSR1200, SSR1300, SSR1400 and SSR1500  

Jun 27, 2024 - Juniper SSR software v6.3.1

Guidelines for system hardening   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on system hardening.

Small Business Cloud Security Guides: Introduction   Publication

Dec 16, 2022 - Securing your business can be a complex task. Among the numerous security priorities and configuration options, it can be difficult to know where to begin. These guides adapt ASD's ACSC’s Essential Eight mitigation strategies and outline an example of how each can be implemented to secure Microsoft 365 capabilities. The technical examples are designed to offer significant protection against cybersecurity incidents while remaining accessible to organisations with limited resources and cybersecurity expertise.

Cybersecurity terminology   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on cybersecurity terminology.

Guidelines for system management   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on system management.

2022 Top Routinely Exploited Vulnerabilities   Advisory

Aug 4, 2023 - This advisory provides details on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2022 and the associated Common Weakness Enumeration(s) (CWE).

Essential Eight assessment process guide   Publication

Oct 2, 2024 - This publication provides advice on how to assess the implementation of the Essential Eight.

Implementing SIEM and SOAR platforms: Executive guidance   Publication

May 27, 2025 - This publication is one of three in a suite of guidance on SIEM and SOAR platforms. It is primarily intended for executives but can be used by any organisation that is considering whether and how to implement a SIEM and/or SOAR.

Windows event logging and forwarding   Publication

Oct 6, 2021 - This publication has been developed as a guide to the setup and configuration of Microsoft Windows event logging and forwarding.

Exchange server critical vulnerabilities   Alert

Apr 15, 2021 - On 2 March 2021 Microsoft released information regarding multiple exploits being used to compromise instances of Microsoft Exchange Server. Malicious actors are exploiting these vulnerabilities to compromise Microsoft Exchange servers exposed to the internet, enabling access to email accounts and to enable further compromise of the Exchange server and associated networks.

Small Business Cloud Security Guides: Executive Overview   Publication

Dec 16, 2022 - In recognition of the increasing prevalence of cloud computing, the Australian Cyber Security Centre (ACSC) has published the Small business cloud security guides. These guides are designed to provide protection against cybersecurity incidents while remaining accessible to organisations which may not have the resources and expertise to implement a more sophisticated strategy.

ASD's Blueprint for Secure Cloud   Publication

Feb 21, 2024 - The Blueprint provides better practice guidance, configuration guides and templates covering risk management, architecture and standard operating procedures developed as per the controls in ASD’s Information security manual (ISM).

Updates to ASD’s Blueprint for Secure Cloud   News

Mar 18, 2025 - We have updated the Blueprint to reflect recent changes to Microsoft Purview.

Small Business Cloud Security Guides: Technical Example - Patch Applications   Publication

Mar 1, 2023 - Patching applications is one of the most effective controls an organisation can implement to prevent cyber criminals from gaining access to their devices and sensitive information. Patches improve the security of applications by fixing known vulnerabilities.

The Case for Memory Safe Roadmaps   Publication

Dec 7, 2023 - This guidance provides manufacturers with steps to create memory safe roadmaps and implement changes to eliminate memory safety vulnerabilities from their products.

Essential Eight Assessment Guidance Package   News

Nov 23, 2022 - The Australian Signals Directorate has published updated guidance to help ensure consistent Essential Eight assessment across government and industry.

Guidelines for networking   Advice

Jul 3, 2025 - This chapter of the Information security manual (ISM) provides guidance on networking.

New guidance on detecting and mitigating Active Directory compromises   News

Sep 26, 2024 - Does your organisation use Microsoft’s Active Directory? Read our latest guidance on Active Directory compromises now.

Small Business Cloud Security Guides: Technical Example - Application Control   Publication

Dec 16, 2022 - Application control restricts the ability of an application to run or install on a device. Application control makes it harder for users to intentionally or unintentionally install unwanted or malicious software.

Zoho ManageEngine ServiceDesk Plus & Desktop Central remote code execution vulnerabilities   Alert

Dec 8, 2021 - Vulnerabilities have been identified in certain versions of Zoho ManageEngine ServiceDesk Plus and Desktop Central product suites. Australian organisations using vulnerable Zoho ManageEngine products should apply the available patch.

Implementing certificates, TLS, HTTPS and opportunistic TLS   Publication

Oct 6, 2021 - Transport Layer Security (TLS) is a widely used encryption protocol which enables parties to communicate securely over the internet. Through the use of certificates and Public Key Infrastructure (PKI), parties can identify each other through a trusted intermediary and establish encrypted tunnels for the secure transfer of information.

Essential Eight maturity model   Publication

Nov 27, 2023 - This publication provides advice on how to implement the Essential Eight.

Cyber Security Awareness Month 2024  

Sep 30, 2024 - October is Cyber Security Awareness Month and an annual reminder for all Australians to stay secure online.