About
Control Stack
Control Stack is a public catalogue of Australian security controls. It distils ISO/IEC 27001:2022, the ASD Essential Eight and the ASD Information Security Manual into consistent cards with plain-language summaries, implementation tips and audit evidence guidance.
Each control includes linked tags, classification levels and maturity cues so you can quickly see how ISO requirements align with ASD obligations or Essential Eight maturity goals.
Why build this?
Controls are rewritten in plain English so stakeholders understand intent, not just clause numbers or acronyms.
Who it helps
CISOs, compliance managers, internal audit and partners who need a central library of authoritative control language.
What you get
Cross-framework mappings, implementation tips and audit-ready evidence examples for every control.
How teams use Control Stack
1. ISO 27001 certification
   Use the plain-language Annex A cards and audit evidence tips to draft your Statement of Applicability and prepare for Stage 1 and Stage 2 audits.
2. Essential Eight maturity uplift
   Filter controls by maturity level and strategy to build a prioritised remediation plan, then share the implementation tips with your technical teams.
3. ISM compliance for government systems
   Browse ISM controls by guideline and classification level to identify which controls apply to your system and use the cross-framework mappings to show alignment with ISO and Essential Eight.
4. Internal audit and assurance
   Reference the audit evidence examples on each control card to build testing procedures, or use the cross-framework mappings to consolidate overlapping audit programs.
Have an issue or suggestion? Drop us a line at info@controlstack.au.