The purpose of the Australian Government Information Security Manual (ISM) is to outline a cyber security framework that organizations can apply, using their risk management framework, to protect their systems and information from cyber threats.
The ISM is intended for Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), cyber security professionals and information technology managers.
The ISM represents the considered advice of the Australian Cyber Security Centre (ACSC) within the Australian Signals Directorate (ASD). This advice is provided in accordance with ASD’s designated functions under section 7(1)(ca) of the Intelligence Services Act 2001.
The risk management framework used by the ISM draws from National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. Within this risk management framework, the identification of security risks and selection of security controls can be undertaken using a variety of risk management standards, such as International Organization for Standardization (ISO) 31000:2018, Risk management – Guidelines. Broadly, the risk management framework used by the ISM has six steps: define the system, select security controls, implement security controls, assess security controls, authorize the system and monitor the system.
This content is available in English only.
Mappings for the Australian Government Information Security Manual (ISM) Authoritative Source Content to the RSA Archer Control Standard Library are available in the authoritative source content pack.
This content is sourced from the Australian Signals Directorate.
The Australian Government Information Security Manual (ISM) Authoritative Source Content is available with the use of the RSA Archer Policy Program Management, RSA Archer IT Policy Program Management, and/or RSA Archer Authorization and Assessment use cases. No additional license is required.
For More Information
To learn more about the Australian Government Information Security Manual (ISM) Authoritative Source Content:
- Review the RSA Archer Content Import Tip Sheet for instructions on how to import content; and
- Download the Australian Government Information Security Manual (ISM) Authoritative Source Content Package.
For Additional Support
To learn more about this content, please contact your Account Rep. For technical support questions, please open a support case or contact RSA Archer at firstname.lastname@example.org.