Report cyber security incidents to ASD quickly
Notify ASD promptly when cyber security incidents occur or are discovered.
Plain language
If a cyber security incident happens, like hackers trying to break into your business systems, it's crucial to let the Australian Signals Directorate (ASD) know about it as soon as possible. This helps protect not only your business but also others by allowing ASD to provide guidance and possibly stop further attacks.
Framework
ASD Essential Eight
Control effect
Responsive
E8 mitigation strategy
Application control
Classifications
N/A
Official last update
N/A
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML2
Official control statement
Cyber security incidents are reported to ASD as soon as possible after they occur or are discovered.
Why it matters
Delaying incident reports to ASD can slow threat correlation and response, increasing the chance of ongoing compromise and broader harm.
Operational notes
Document when to notify ASD, keep ASD contact details current, and rehearse the reporting workflow so incidents are reported as soon as discovered.
Implementation tips
- Business owner: Set up a clear process for when and how to report incidents to the ASD, including who is responsible for making the report.
- IT manager: Ensure the IT team knows about the ASD reporting requirements and include them in the company's incident response plan.
- Security officer: Regularly train staff on recognising cyber incidents and the importance of reporting them quickly.
- System administrator: Monitor systems for suspicious activity and prepare draft incident reports ready for quick submission to the ASD.
Audit / evidence tips
-
AskDoes the organisation have a procedure for reporting cyber incidents to the ASD?
-
GoodThe plan includes clear instructions to report incidents to the ASD as soon as they're detected
-
AskHas the staff been trained on reporting incidents to the ASD?
-
GoodStaff training sessions include information on identifying incidents and reporting them to ASD
Cross-framework mappings
How E8-AC-ML2.10 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ASD ISM
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (1) expand_less | ||
| ISM-0142 | ISM-0142 requires organisations to report compromise or suspected compromise of cryptographic equipment or associated keying material to ... | |
| handshake Supports (1) expand_less | ||
| ISM-0043 | E8-AC-ML2.10 requires timely reporting of cyber security incidents to ASD after occurrence or discovery | |
| link Related (1) expand_less | ||
| ISM-0140 | E8-AC-ML2.10 requires cyber security incidents to be reported to ASD as soon as possible after they occur or are discovered | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.