Report Cryptographic Equipment Compromises Promptly
Notify security officers quickly if cryptographic equipment or keys might be compromised.
Plain language
This control is about reporting immediately if you think the devices or codes that protect your organisation's electronic information might have been compromised. This matters because if a malicious actor gains access to your secure communications or data, they could steal sensitive information, causing significant harm to your business's reputation and operations.
Framework
ASD Information Security Manual (ISM)
Control effect
Responsive
Classifications
NC, OS, P, S, TS
ISM last updated
May 2023
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for cryptographySection
Cryptographic fundamentalsOfficial control statement
The compromise or suspected compromise of cryptographic equipment or associated keying material is reported to the chief information security officer, or one of their delegates, as soon as possible after it occurs.
Why it matters
Failure to promptly report compromised cryptographic equipment or keying material can allow continued exposure of protected data and unauthorised access.
Operational notes
Train staff to recognise crypto equipment/key compromise indicators and report immediately to the CISO (or delegate) using defined incident channels.
Implementation tips
- Business owners should educate all staff on recognising the signs of compromised cryptographic equipment or keys, such as unexpected malfunctions or unauthorised access alerts. This can be done through regular training sessions where employees learn what to watch for and how to report it promptly.
- The IT manager should establish a clear communication channel that all staff can use to report potential compromises. This might involve setting up a dedicated email address or phone line and ensuring that all staff know how to use these channels.
- The chief information security officer (CISO) or their delegate should ensure that any reported compromise is logged immediately. This could be done using a standard incident log template that captures essential details like the time of report, nature of the suspected compromise, and any initial actions taken.
- Managers should work with their teams to conduct regular reviews of any cryptographic equipment to ensure it is functioning correctly and not showing signs of compromise. This can involve routine checks and scheduled maintenance tasks that are documented and shared with the CISO.
- In the event of a suspected compromise, the CISO should have an action plan that outlines the immediate steps to take. This plan might include isolating affected equipment, conducting a preliminary assessment, and planning communication to affected parties.
Audit / evidence tips
-
Askthe incident log of reported cryptographic compromises: Check to see that the log includes dates, details of the suspected compromise, and actions taken
Goodclearly shows regular and prompt entries with specific follow-up actions recorded
-
Goodis evidence that these records are maintained and demonstrable reports have been made
-
Askthem to describe how they handle suspected compromises
Goodis a clear and consistent process where staff know whom to contact and the CISO can explain the subsequent steps taken
-
Goodsession includes interactive elements and practical examples that help staff understand what to do in real situations
-
Goodis evidence of ongoing maintenance with a record of any identified issues and their resolution
Cross-framework mappings
How ISM-0142 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 6.8 | ISM-0142 requires organisations to report compromise or suspected compromise of cryptographic equipment or keying material to the CISO (o... | |
| sync_alt Partially overlaps (1) expand_less | ||
| Annex A 8.24 | Annex A 8.24 requires rules for cryptography use and key management, including handling events that may impact key/material confidentiali... | |
E8
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (3) expand_less | ||
| sync_alt Partially overlaps (3) expand_less | ||
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.