Information Security Manual (ISM) - March 2023

This download includes the ISM controls as of March 2023. There are no mapped questions. Use this download if you just want the provisions and want to create your own question set. If you need help with an assessment you may like to engage a service provider including an IRAP assessor.

The purpose of the Australian Government Information Security Manual (ISM) is to outline a cybersecurity framework that organisations can apply, using their risk management framework, to protect their systems and information from cyber threats.

The ISM is primarily targeted towards Australian Government departments and agencies that handle Australian Government official information, including service providers.

The ISM (March 2023 release) includes 877 controls across the following 22 guidelines:

- Guidelines for Cyber Security Roles

- Guidelines for Cyber Security Incidents

- Guidelines for Procurement and Outsourcing

- Guidelines for Security Documentation

- Guidelines for Physical Security

- Guidelines for Personnel Security

- Guidelines for Communications Infrastructure

- Guidelines for Communications Systems

- Guidelines for Enterprise Mobility

- Guidelines for Evaluated Products

- Guidelines for ICT Equipment

- Guidelines for Media

- Guidelines for System Hardening

- Guidelines for System Management

- Guidelines for System Monitoring

- Guidelines for Software Development

- Guidelines for Database Systems

- Guidelines for Email

- Guidelines for Networking

- Guidelines for Cryptography

- Guidelines for Gateways

- Guidelines for Data Transfers