Report cyber security incidents to ASD promptly
Notify ASD quickly about any cyber attacks or breaches.
Plain language
This control is all about quickly letting the Australian Signals Directorate (ASD) know if your organisation experiences a cyber attack or data breach. The reason this is important is because if you delay reporting, your organisation might suffer greater damage and you could miss out on help from ASD to handle the situation. In worst cases, attackers could cause ongoing harm to your systems and data.
Framework
ASD Essential Eight
Control effect
Responsive
E8 mitigation strategy
Restrict administrative privileges
Classifications
N/A
Official last update
N/A
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML2
Official control statement
Cyber security incidents are reported to ASD as soon as possible after they occur or are discovered.
Why it matters
Delayed reporting to ASD can prolong active compromises, reduce access to ASD assistance and coordination, and increase broader sector impacts.
Operational notes
Report cyber security incidents to ASD as soon as identified; include timeline, affected systems, indicators, severity, and a 24/7 contact for follow-up.
Implementation tips
- The IT team should create a clear reporting procedure. Design a simple step-by-step plan for reporting cyber incidents, ensuring everyone knows who to contact and what information is needed.
- The IT manager should train all staff on the importance of reporting incidents. Conduct regular sessions where staff learn why speed is crucial and how they can spot potential incidents.
- Security officers should set up automatic alerts for suspicious activities. Use software features that notify the right people immediately when something unusual is detected on the network.
- The office manager should keep a list of contacts for reporting. Maintain a current list of internal and ASD contacts who need to be informed if an incident occurs.
- The system administrator should conduct regular drills. Simulate potential cyber incidents to ensure everyone knows their role and the importance of prompt reporting.
Audit / evidence tips
-
AskWhat is the procedure for reporting cyber incidents to ASD?
-
GoodThe plan clearly states the steps and contact points for notifying ASD, including timelines
-
AskHow do you ensure staff understand the incident reporting procedure?
-
GoodRegular training sessions are documented, with records showing high attendance
-
AskHow quickly are incidents reported to the ASD?
-
GoodReports show incidents are consistently reported to ASD shortly after detection, as per procedure
Cross-framework mappings
How E8-RA-ML2.12 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 5.26 | E8-RA-ML2.12 requires prompt reporting of cyber security incidents to ASD | |
| sync_alt Partially overlaps (1) expand_less | ||
| Annex A 5.5 | E8-RA-ML2.12 requires cyber security incidents to be reported to ASD as soon as possible after they occur or are discovered | |
| extension Depends on (2) expand_less | ||
| Annex A 5.24 | E8-RA-ML2.12 requires organisations to report cyber security incidents to ASD as soon as possible after discovery | |
| Annex A 6.8 | E8-RA-ML2.12 requires prompt reporting of cyber security incidents to ASD once they occur or are discovered | |
ASD ISM
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (1) expand_less | ||
| ISM-0123 | E8-RA-ML2.12 requires cyber security incidents to be reported to ASD as soon as possible after they occur or are discovered | |
| handshake Supports (1) expand_less | ||
| ISM-0141 | E8-RA-ML2.12 requires cyber security incidents to be reported to ASD as soon as possible after they occur or are discovered | |
| extension Depends on (1) expand_less | ||
| ISM-0043 | E8-RA-ML2.12 requires cyber security incidents to be reported to ASD as soon as possible after they occur or are discovered | |
| link Related (1) expand_less | ||
| ISM-0140 | E8-RA-ML2.12 requires cyber security incidents to be reported to ASD as soon as possible after they occur or are discovered | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.