Information Security Manual (ISM) - July 2020

This download includes the ISM controls as of July 2020. There are no mapped questions. Use this download if you just want the provisions and you want to create your own question set. If you need help with an assessment you may like to engage a service provider including an IRAP assessor.

The purpose of the Australian Government Information Security Manual (ISM) is to outline a cyber security framework that organisations can apply, using their risk management framework, to protect their systems and information from cyber threats.

The ISM is primarily targeted towards Australian Government departments and agencies that handle Australian Government official information, including service providers.

The ISM (July 2020 release) includes 715 controls across the following 22 guidelines:

• Guidelines for Cyber Security Roles
• Guidelines for Cyber Security Incidents
• Guidelines for Outsourcing
• Guidelines for Security Documentation
• Guidelines for Physical Security
• Guidelines for Personnel Security
• Guidelines for Communications Infrastructure
• Guidelines for Communications Systems
• Guidelines for Enterprise Mobility
• Guidelines for Evaluated Products
• Guidelines for ICT Equipment Management
• Guidelines for Media Management
• Guidelines for System Hardening
• Guidelines for System Management
• Guidelines for System Monitoring
• Guidelines for Software Development
• Guidelines for Database Systems Management
• Guidelines for Email Management
• Guidelines for Network Management
• Guidelines for Using Cryptography
• Guidelines for Gateway Management
• Guidelines for Data Transfers and Content Filtering