ISM – Information Security Manual
The Defence Signals Directorate (DSD) produces the Australian Government Information Security Manual (ISM). The manual is the standard which governs the security of government ICT systems. It complements the Protective Security Policy Framework.
- The 2012 ISM comprises three documents – an Executive Companion (PDF), Principles document (PDF) and Controls manual (PDF) – targeting different levels within your organisation. This change will make the ISM accessible to more users and promote information security awareness across government.
- The compliance language in the ISM has been simplified to consist only of ‘must’ and ‘should’, with ‘required’ and ‘recommended’ removed. The compliance requirements are informed by ‘the threat as we see it’, to enable agencies to make informed, risk-based decisions in protecting their information and systems.
- The controls relating to the top 4 of DSD's Strategies to Mitigate Targeted Cyber Intrusions have now been awarded a ‘must’ compliance requirement to ensure consistency and closer alignment between the ISM and all other advice issued by DSD to government agencies.
- The Roles and Responsibilities controls have been condensed to concentrate on fulfilling necessary functions, rather than titles and specific duties. This change is intended to make ISM advice applicable to agencies of all sizes and in disparate locations.
- Use the ISM order form to request printed copies of the manual.
- The XML version of the 2012 ISM is currently in development and will be made available online once it has been completed.
- Additional ISM resources including change summaries and system control checklists are available from the members-only area of OnSecure.
- ISM was called ACSI 33 until 2005.
- Contact us for enquiries, advice and services.


