Skip to main content
Acronym
ASD's ACSC
Type
Standards Development Organisation

The Australian Signals Directorate (ASD) is a vital member of Australia's national security community, working across the full spectrum of operations required of contemporary signals intelligence and security agencies: intelligence, cyber security and offensive operations in support of the Australian Government and Australian Defence Force (ADF).

The Australian Cyber Security Centre sits within ASD and is the Australian Government’s technical authority on cyber security. ASD's ACSC provides cyber security advice and services to government, critical infrastructure, industry and the Australian public.

ASD's ACSC brings together capabilities to improve Australia’s national cyber resilience through the following services: 

  • the Australian Cyber Security Hotline, which is contactable 24 hours a day, 7 days a week, via 1300 CYBER1 (1300 292 371)
  • publishing alerts, technical advice, advisories and notifications on significant cyber security threats
  • cyber threat monitoring and intelligence sharing with partners, including through the Cyber Threat Intelligence Sharing (CTIS) platform
  • technical advice and assistance to help Australian entities respond to cyber security incidents
  • national exercises and uplift activities to enhance the cyber security resilience of Australian entities
  • collaborating with Australian organisations and individuals on cyber security issues through ASD's Cyber Security Partnership Program.

ASD's ACSC's cyber security advice is published on their cyber security website.

Visit the ACSC website to learn the cyber security basics.

Resources

Cyber Security for Contractors

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
March 2012
Updated
October 2021
This publication aims to help contractors to appropriately secure Australian Government information on their systems.

Cyber Security Incident Response Planning: Executive Guidance

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
September 2012
Updated
April 2024
This page contains high-level guidance to help organisations understand how to prepare for and respond to cyber security incidents.

Cyber Security Principles

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
June 2024
Updated
June 2024
The cyber security principles provide strategic guidance on how an organisation can protect its systems, applications and data from cyber threats.

Cyber Skills Framework

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
September 2020
Updated
September 2020
This framework describes core cyber roles, capabilities, skills and proficiency levels.

Cyber Supply Chain Risk Management

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
November 2019
Updated
May 2023
This information provides an overview of managing cyber supply chain risks with links to more detailed information.

Domain Name System Security for Domain Owners

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
January 2021
Updated
October 2021
This publication provides information on Domain Name System (DNS) security for domain owners, as well as mitigation strategies to reduce the risk of misuse of domains and associated resources.

Domain Name System Security for Domain Resolvers

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
January 2021
Updated
October 2021
This publication provides information on Domain Name System (DNS) security for recursive resolution servers, as well as mitigation strategies to reduce the risk of DNS resolver subversion or compromise.

Essential Eight Assessment Process Guide v2023

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Version
2023
Access
Open
Status
Active
Created
November 2022
Updated
November 2023
The Essential Eight is a set of cyber security risk mitigation strategies developed by the Australian Signals Directorate.

Essential Eight Assessment Report Template

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
November 2023
This template provides the content requirements of Essential Eight assessment reports. Assessors can use their own report templates for branding purposes, but all sections within this template must be included.

Essential Eight Explained v2023

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Version
2023
Access
Open
Status
Active
Created
February 2017
Updated
November 2023
The document provides a brief introduction to the implementation of a priority set of strategies to mitigate cyber security incidents.

Essential Eight Maturity Model and ISM Mapping

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
January 2019
Updated
December 2023
Essential Eight is designed to protect organisations' internet-connected IT networks against cyber threats. This publication provides a mapping between the Essential Eight Maturity Model and the Information Security Manual (ISM).

Essential Eight Maturity Model Changes

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
November 2023
Essential Eight is designed to protect organisations' internet-connected IT networks against cyber threats. This resource describes the changes for the November 2023 update of the Essential Eight Maturity Model.

Essential Eight Maturity Model FAQs

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
July 2021
Updated
April 2024
Essential Eight is designed to protect organisations' internet-connected IT networks against cyber threats. This information was developed to answer frequently asked questions on the Essential Eight Maturity Model.

Essential Eight Maturity Model v2023

Category
Standard
Organisation
ASD's ACSC
Type
Standard
Version
2023
Access
Open
Status
Active
Created
June 2017
Updated
November 2023
The Essential Eight Maturity Model describes three possible levels of maturity in an organisation's cyber security posture.

Example Essential Eight Assessment Test Plan

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
November 2023
This document describes mitigation strategies, test IDs, control descriptions and test methodologies for assessment against Essential Eight Maturity Level Three.

Example Essential Eight Assessment Test Plan - Maturity Level One

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
November 2023
This document describes mitigation strategies, test IDs, control descriptions and test methodologies for assessment against Essential Eight Maturity Level One.

Example Essential Eight Assessment Test Plan - Maturity Level Two

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
November 2023
This document describes mitigation strategies, test IDs, control descriptions and test methodologies for assessment against Essential Eight Maturity Level Two.

Identifying Cyber Supply Chain Risks

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
January 2021
Updated
May 2023
This guidance helps organisations to identify risks associated with the businesses in their cyber supply chain.

Information Security Manual (ISM)

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Updated
March 2024
The Information Security Manual (ISM) outlines a cyber security framework that an organisation can apply, using their risk management framework, to protect their systems and data from cyber threats.

Information Security Manual (ISM) Fact Sheet

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
March 2024
This factsheet summarises the content changes for the March 2024 Information Security Manual (ISM) update.

Mergers, Acquisitions and Machinery of Government Changes

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
July 2019
Updated
June 2022
This document dicusses the signifiacnt challenges to cyber security faced by organisations when they undergo change.

Planning for Critical Vulnerabilities - What Boards Need to Know

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
December 2023
This publication provides information on why it is important that Boards and their Directors are aware of and plan for critical vulnerabilities that have the potential to cause major cyber security incidents.

Restricting Administrative Privileges

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
June 2011
Updated
November 2023
This publication provides guidance on how to effectively restrict administrative privileges.

Secure Administration

Category
Guidance Document
Organisation
ASD's ACSC
Type
Standard
Access
Open
Status
Active
Created
September 2015
Updated
October 2021
This publication is designed to complement and expand on the guidance in the Information Security Manual (ISM).