Skip to content
arrow_back
E8-RA-ML2.12
search
E8-RA-ML2.12 bolt ASD Essential Eight

Report cyber security incidents to ASD promptly

Notify ASD quickly about any cyber attacks or breaches.

Responsive ML2 Essential EightRestrict admin privilegesinformation sharinggovernanceincident reportingincident management
record_voice_over

Plain language

This control is all about quickly letting the Australian Signals Directorate (ASD) know if your organisation experiences a cyber attack or data breach. The reason this is important is because if you delay reporting, your organisation might suffer greater damage and you could miss out on help from ASD to handle the situation. In worst cases, attackers could cause ongoing harm to your systems and data.

Framework

ASD Essential Eight

Control effect

Responsive

E8 mitigation strategy

Restrict administrative privileges

Classifications

N/A

Official last update

N/A

Control Stack last updated

19 Mar 2026

E8 maturity levels

ML2

Official control statement

Cyber security incidents are reported to ASD as soon as possible after they occur or are discovered.
bolt ASD Essential Eight E8-RA-ML2.12
priority_high

Why it matters

Delayed reporting to ASD can prolong active compromises, reduce access to ASD assistance and coordination, and increase broader sector impacts.

settings

Operational notes

Report cyber security incidents to ASD as soon as identified; include timeline, affected systems, indicators, severity, and a 24/7 contact for follow-up.

build

Implementation tips

  • The IT team should create a clear reporting procedure. Design a simple step-by-step plan for reporting cyber incidents, ensuring everyone knows who to contact and what information is needed.
  • The IT manager should train all staff on the importance of reporting incidents. Conduct regular sessions where staff learn why speed is crucial and how they can spot potential incidents.
  • Security officers should set up automatic alerts for suspicious activities. Use software features that notify the right people immediately when something unusual is detected on the network.
  • The office manager should keep a list of contacts for reporting. Maintain a current list of internal and ASD contacts who need to be informed if an incident occurs.
  • The system administrator should conduct regular drills. Simulate potential cyber incidents to ensure everyone knows their role and the importance of prompt reporting.
fact_check

Audit / evidence tips

  • AskWhat is the procedure for reporting cyber incidents to ASD?
  • GoodThe plan clearly states the steps and contact points for notifying ASD, including timelines
  • AskHow do you ensure staff understand the incident reporting procedure?
  • GoodRegular training sessions are documented, with records showing high attendance
  • AskHow quickly are incidents reported to the ASD?
  • GoodReports show incidents are consistently reported to ASD shortly after detection, as per procedure
link

Cross-framework mappings

How E8-RA-ML2.12 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Control Notes Details
layers Partially meets (1) expand_less
Annex A 5.26 E8-RA-ML2.12 requires prompt reporting of cyber security incidents to ASD
sync_alt Partially overlaps (1) expand_less
Annex A 5.5 E8-RA-ML2.12 requires cyber security incidents to be reported to ASD as soon as possible after they occur or are discovered
extension Depends on (2) expand_less
Annex A 5.24 E8-RA-ML2.12 requires organisations to report cyber security incidents to ASD as soon as possible after discovery
Annex A 6.8 E8-RA-ML2.12 requires prompt reporting of cyber security incidents to ASD once they occur or are discovered

ASD ISM

Control Notes Details
sync_alt Partially overlaps (1) expand_less
ISM-0123 E8-RA-ML2.12 requires cyber security incidents to be reported to ASD as soon as possible after they occur or are discovered
handshake Supports (1) expand_less
ISM-0141 E8-RA-ML2.12 requires cyber security incidents to be reported to ASD as soon as possible after they occur or are discovered
extension Depends on (1) expand_less
ISM-0043 E8-RA-ML2.12 requires cyber security incidents to be reported to ASD as soon as possible after they occur or are discovered
link Related (1) expand_less
ISM-0140 E8-RA-ML2.12 requires cyber security incidents to be reported to ASD as soon as possible after they occur or are discovered

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

Mapping detail

Mapping

Direction

Controls