🤖 Ready for Sovereignty 2026: Australian Insights Report. Get your copy
MarketplaceCybersecurityISM SSP
CybersecurityRegulation

ISM SSP

Information Security Manual System Security Plan Annex Template

The System Security Plan (SSP) Annex Template is a structured document used to capture detailed information about an organization’s cyber security controls and implementation. It supports accreditation processes by providing evidence of compliance, risk management, and system-specific security measures.

Book your strategy callView source ↗

Overview

The SSP Annex Template is designed to complement a System Security Plan by documenting how security controls are applied to specific systems, environments, and operational contexts. Its purpose is to provide transparency and assurance to accrediting authorities, demonstrating that an organization has implemented appropriate safeguards aligned with government cyber security standards. The template is primarily intended for ICT service providers, government agencies, and organizations seeking accreditation under frameworks such as Right Fit for Risk (RFFR).

This annex is applicable across sectors that manage sensitive or official information, including defense, critical infrastructure, and contracted service providers. It ensures that system-specific risks are identified, controls are mapped to the Australian Information Security Manual (ISM), and any deviations or compensating measures are clearly justified. By using the SSP Annex Template, organizations strengthen their accreditation submissions, improve accountability, and enhance confidence in their overall cyber security posture.

Related in Cybersecurity

CybersecurityStandard

ISM CCM — Information Security Manual Cloud Controls Matrix Template

The Cloud Controls Matrix (CCM) Template is a comprehensive framework for mapping cloud security controls to industry standards and compliance requirements. It helps organizations assess, implement, and demonstrate effective cloud security practices across diverse environments.

Australian Government • Australia • vJune 2026

View details
CybersecurityRegulation

RFFR ISM SoA — Right Fit for Risk Information Security Manual Statement of Applicability

The Right Fit for Risk (RFFR) Statement of Applicability (SoA) is a structured template used to document how organizations meet cyber security accreditation requirements. It outlines applicable controls, their implementation status, and provides assurance of compliance with the RFFR framework.

Australian Government • Australia • vJune 2026

View details
CybersecurityRegulation

ISM — Information Security Manual

The Australian ISM is the nationally recognized cybersecurity framework developed by the Australian Signals Directorate. It provides organizations with structured guidance to safeguard information and operational technology systems against evolving cyber threats.

Australian Government • Australia • vJune 2026

View details
CybersecurityStandard

NIPG — National Identity Proofing Guidelines 2025

The National Identity Proofing Guidelines 2025 provide voluntary, risk-based best-practice guidance for verifying an individual's identity, aligned with Digital ID Accreditation Rules to promote consistency across physical and digital identity verification processes. The guidelines support organizations in strengthening identity-proofing practices, increasing trust through a standardized and transparent approach, and enabling more identity verification activities to be conducted online. By leveraging national identity verification services, organizations can reduce the need to store identity document copies, resulting in lower costs, improved privacy, reduced data breach risks, and stronger protection against identity fraud.

Australian Government • Australia

View details

Ready to manage these frameworks?

6clicks maps regulations to controls, evidence and risks — automatically.

Book your strategy call