Search

Guidelines for system management Advice

Dec 12, 2024 This chapter of the Information security manual (ISM) provides guidance on system management.

Strategies to mitigate cybersecurity incidents: Mitigation details Publication

Feb 1, 2017 The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help cybersecurity professionals in all organisations mitigate cybersecurity incidents caused by various cyberthreats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.

Essential Eight maturity model FAQ Publication

Oct 28, 2024 This publication provides answers to frequency asked questions on how to implement the Essential Eight.

Guidelines for communications systems Advice

Dec 12, 2024 This chapter of the Information security manual (ISM) provides guidance on communications systems.

Securing PowerShell in the enterprise Publication

Oct 6, 2021 This publication describes a maturity framework for PowerShell, balancing the security and business requirements of organisations. This framework enables organisations to take incremental steps towards securing PowerShell across their environment.

Infosec Registered Assessors Program (IRAP) Program page

Aug 15, 2024 The Infosec Registered Assessors Program (IRAP) ensures entities can access high-quality security assessment services.

PRC state-sponsored actors compromise and maintain persistent access to U.S. critical infrastructure Advisory

Feb 8, 2024 The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.

Deploying AI Systems Securely Publication

Apr 16, 2024 AI security is a rapidly evolving area of research. As agencies, industry, and academia discover potential weaknesses in AI technology and techniques to exploit them, organizations will need to update their AI systems to address the changing risks, in addition to applying traditional IT best practices to AI systems.

Small business cloud security guides

Apr 2, 2024 ASD's ACSC has released a series of guides designed to help small businesses secure their cloud environment.

Security considerations for edge devices Publication

Feb 5, 2025 Edge devices are an important part of many enterprise computing systems. They allow connection across various devices that aid in productivity. However, just like with all technology they are not without their vulnerabilities. Edge devices require attention and diligence to keep data safe and secure.

Cybersecurity guidelines

Jun 13, 2024 Practical guidance on how an organisation can protect their information technology and operational technology systems, applications and data from cyberthreats.

Foundations for modern defensible architecture Publication

Feb 10, 2025 The Foundations represent the first step to help organisations adopt a ‘modern defensible architecture’ approach, which will enable them to evolve alongside the threat landscape.

Alerts and advisories

Jan 30, 2023 Find the latest in cybersecurity alerts and advisories

Domain Name System security for domain resolvers Publication

Oct 6, 2021 This publication explores DNS security for recursive resolution servers. It also shares helpful strategies to reduce the risk of DNS resolver subversion or compromise.

Guidelines for networking Advice

Dec 12, 2024 This chapter of the Information security manual (ISM) provides guidance on networking.

Guidelines for enterprise mobility Advice

Dec 12, 2024 This chapter of the Information security manual (ISM) provides guidance on enterprise mobility.

Domain Name System security for domain owners Publication

Oct 6, 2021 This publication provides information on DNS security for domain owners. It also shared helpful strategies to reduce the risk of domain misuse.

Secure administration Publication

Oct 6, 2021 Privileged access allows administrators to perform their duties, and is often seen as the ‘keys to the kingdom’. This publication provides guidance on how to implement secure administration techniques as part of the management of privileged access.

Guidelines for gateways Advice

Dec 12, 2024 This chapter of the Information security manual (ISM) provides guidance on gateways.

Windows event logging and forwarding Publication

Oct 6, 2021 This publication has been developed as a guide to the setup and configuration of Microsoft Windows event logging and forwarding.

Security configuration guide: Apple iOS 14 devices Publication

Oct 6, 2021 ASD has developed this guide to assist Australians to understand risks when deploying iOS 14 devices and the security requirements that need to be met to allow them to handle classified data.

Security configuration guide: Samsung Galaxy S10, S20 and Note 20 devices Publication

Oct 6, 2021 ASD has developed this guide to assist Australian’s to understand risks when deploying Samsung Galaxy and Samsung Note devices and the security requirements that need to be met to allow them to handle classified data.

Critical Infrastructure Uplift Program (CI-UP) Program page

Apr 16, 2024 The Critical Infrastructure Uplift Program (CI-UP) offers a range of services that assist critical infrastructure (CI) partners to improve their resilience against cyberattacks.

Fundamentals of Cross Domain Solutions Publication

Oct 6, 2021 This publication introduces technical and non-technical audiences to cross domain security principles for securely connecting security domains.

Critical Infrastructure

Jul 22, 2024 Technical advice and non-regulatory guidance for critical infrastructure.

Implementing multi-factor authentication Publication

Nov 27, 2023 This publication has been developed to provide guidance on what multi-factor authentication is, different multi-factor authentication methods that exist and why some multi-factor authentication methods are more secure, and therefore more effective, than others.

The Commonwealth Cyber Security Posture in 2020 Reports and statistics

Jun 10, 2021 The Commonwealth Cyber Security Posture Report in 2020 informs the Parliament of the status of the Commonwealth’s cyber security posture. Overall, the report found that Commonwealth entities continued to improve their cyber security in 2020. Ongoing effort is required to maintain the currency and effectiveness of cyber security measures.

Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure Advisory

May 17, 2022 The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory (CSA). The intent of this joint CSA is to warn organizations that Russia’s invasion of Ukraine has altered the geopolitical balance in ways that could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners.

Secure your NAS device

Nov 29, 2024 Protect your network-attached storage (NAS) device and the important data it holds with this guide.

PRC State-Sponsored Cyber Activity Advisory

Mar 20, 2024 This fact sheet provides an overview for executive leaders on the urgent risk posed by People’s Republic of
China (PRC) state-sponsored cyber actors known as "Volt Typhoon."