Acronym
ASD's ACSC
Type
Standards Development Organisation
The Australian Signals Directorate (ASD) is a vital member of Australia's national security community, working across the full spectrum of operations required of contemporary signals intelligence and security agencies: intelligence, cyber security and offensive operations in support of the Australian Government and Australian Defence Force (ADF).
The Australian Cyber Security Centre sits within ASD and is the Australian Government’s technical authority on cyber security. ASD's ACSC provides cyber security advice and services to government, critical infrastructure, industry and the Australian public.
ASD's ACSC brings together capabilities to improve Australia’s national cyber resilience through the following services:
- the Australian Cyber Security Hotline, which is contactable 24 hours a day, 7 days a week, via 1300 CYBER1 (1300 292 371)
- publishing alerts, technical advice, advisories and notifications on significant cyber security threats
- cyber threat monitoring and intelligence sharing with partners, including through the Cyber Threat Intelligence Sharing (CTIS) platform
- technical advice and assistance to help Australian entities respond to cyber security incidents
- national exercises and uplift activities to enhance the cyber security resilience of Australian entities
- collaborating with Australian organisations and individuals on cyber security issues through ASD's Cyber Security Partnership Program.
ASD's ACSC's cyber security advice is published on their cyber security website.
Visit the ACSC website to learn the cyber security basics.
Resources
An Introduction to Artificial Intelligence
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Nov 2023
This document provides readers with an understanding of what artificial intelligence (AI) is and how it may impact the digital systems and services they use.
An Introduction to Securing Smart Places
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Nov 2022
Smart places are places that use smart technology (IT)-enabled systems to provide enhanced services to citizens. This document explores the key security risks of smart places and ways to mitigate risk.
Cloud Controls Matrix Template
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Jun 2024
This template is intended for use by registered assessors to assess cloud service providers and the services they provide.
Cyber Incident Management Arrangements for Australian Governments
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Oct 2022
Updated
Sep 2023
This document provides guidance on how Australian governments can cooperate on responses to national cyber security incidents.
Cyber Security for Contractors
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Mar 2012
Updated
Oct 2021
This publication aims to help contractors to appropriately secure Australian Government information on their systems.
Cyber Security Incident Response Planning: Executive Guidance
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Sep 2012
Updated
Apr 2024
This page contains high-level guidance to help organisations understand how to prepare for and respond to cyber security incidents.
Cyber Security Principles
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Jun 2024
Updated
Jun 2024
The cyber security principles provide strategic guidance on how an organisation can protect its systems, applications and data from cyber threats.
Cyber Skills Framework
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Sep 2020
Updated
Sep 2020
This framework describes core cyber roles, capabilities, skills and proficiency levels.
Cyber Supply Chain Risk Management
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Nov 2019
Updated
May 2023
This information provides an overview of managing cyber supply chain risks with links to more detailed information.
Domain Name System Security for Domain Owners
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Jan 2021
Updated
Oct 2021
This publication provides information on Domain Name System (DNS) security for domain owners, as well as mitigation strategies to reduce the risk of misuse of domains and associated resources.
Domain Name System Security for Domain Resolvers
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Jan 2021
Updated
Oct 2021
This publication provides information on Domain Name System (DNS) security for recursive resolution servers, as well as mitigation strategies to reduce the risk of DNS resolver subversion or compromise.
Engaging with Artificial Intelligence
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Jan 2024
This document provides organisations with guidance on how to use artificial intelligence (AI) systems securely.
Essential Eight Assessment Process Guide v2023
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Version
2023
Access
Open
Status
Active
Created
Nov 2022
Updated
Nov 2023
The Essential Eight is a set of cyber security risk mitigation strategies developed by the Australian Signals Directorate.
Essential Eight Assessment Report Template
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Nov 2023
This template provides the content requirements of Essential Eight assessment reports. Assessors can use their own report templates for branding purposes, but all sections within this template must be included.
Essential Eight Explained v2023
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Version
2023
Access
Open
Status
Active
Created
Feb 2017
Updated
Nov 2023
The document provides a brief introduction to the implementation of a priority set of strategies to mitigate cyber security incidents.
Essential Eight Maturity Model and ISM Mapping
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Jan 2019
Updated
Dec 2023
Essential Eight is designed to protect organisations' internet-connected IT networks against cyber threats. This publication provides a mapping between the Essential Eight Maturity Model and the Information Security Manual (ISM).
Essential Eight Maturity Model Changes
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Nov 2023
Essential Eight is designed to protect organisations' internet-connected IT networks against cyber threats. This resource describes the changes for the November 2023 update of the Essential Eight Maturity Model.
Essential Eight Maturity Model FAQs
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Jul 2021
Updated
Apr 2024
Essential Eight is designed to protect organisations' internet-connected IT networks against cyber threats. This information was developed to answer frequently asked questions on the Essential Eight Maturity Model.
Essential Eight Maturity Model v2023
Category
Standard
Organisation
ASD's ACSC
Type
Standard
Version
2023
Access
Open
Status
Active
Created
Jun 2017
Updated
Nov 2023
The Essential Eight Maturity Model describes three possible levels of maturity in an organisation's cyber security posture.
Example Essential Eight Assessment Test Plan
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Nov 2023
This document describes mitigation strategies, test IDs, control descriptions and test methodologies for assessment against Essential Eight Maturity Level Three.
Example Essential Eight Assessment Test Plan - Maturity Level One
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Nov 2023
This document describes mitigation strategies, test IDs, control descriptions and test methodologies for assessment against Essential Eight Maturity Level One.
Example Essential Eight Assessment Test Plan - Maturity Level Two
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Nov 2023
This document describes mitigation strategies, test IDs, control descriptions and test methodologies for assessment against Essential Eight Maturity Level Two.
Gateway Security Guidance Package: Executive Guidance
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Jul 2022
Updated
Jul 2022
This guidance document helps organisations make informed risk-based decisions when designing, procuring, operating, maintaining or disposing of gateway services.
How to Manage Your Security When Engaging A Managed Service Provider
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Dec 2018
Updated
Oct 2021
This publication recommends strategies that organisations can use to manage security risks posed by engaging and authorising network access to managed service providers.
Identifying Cyber Supply Chain Risks
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Jan 2021
Updated
May 2023
This guidance helps organisations to identify risks associated with the businesses in their cyber supply chain.
Information Security Manual
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Updated
Jun 2024
This manual provides strategic guidance for organisations to protect their information technology and operational technology systems, applications and data from cyber threats.
Information Security Manual (ISM)
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Updated
Mar 2024
The Information Security Manual (ISM) outlines a cyber security framework that an organisation can apply, using their risk management framework, to protect their systems and data from cyber threats.
Information Security Manual (ISM) Fact Sheet
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Mar 2024
This factsheet summarises the content changes for the March 2024 Information Security Manual (ISM) update.
IoT Secure-by-Design Guidance for Manufacturers
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Sep 2020
This document provides cyber security guidance for manufacturers of Internet of Things (IoT) devices, such as drones, security cameras, smart televisions, solar inverters and other ‘smart’ devices.
Mergers, Acquisitions and Machinery of Government Changes
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Jul 2019
Updated
Jun 2022
This document dicusses the signifiacnt challenges to cyber security faced by organisations when they undergo change.
Planning for Critical Vulnerabilities - What Boards Need to Know
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Dec 2023
This publication provides information on why it is important that Boards and their Directors are aware of and plan for critical vulnerabilities that have the potential to cause major cyber security incidents.
Preparing for and Responding to Denial-of-Service Attacks
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Sep 2011
Updated
Mar 2023
This document outlines how organisations can prepare for and potentially reduce the impact of denial-of-service attacks.
Restricting Administrative Privileges
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Jun 2011
Updated
Nov 2023
This publication provides guidance on how to effectively restrict administrative privileges.
Secure Administration
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Sep 2015
Updated
Oct 2021
This publication is designed to complement and expand on the guidance in the Information Security Manual (ISM).
Strategies to Mitigate Cyber Security Incidents
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Feb 2010
Updated
Feb 2017
This document provides strategies to help organisations mitigate cyber security incidents caused by various cyber threats.
Strategies to Mitigate Cyber Security Incidents – Mitigation Details
Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
Feb 2010
Updated
Feb 2017
This document helps organisations mitigate cyber security incidents caused by targeted cyber intrusions, ransomware, malicious insiders, business email compromise and threats to industrial control systems.