ISM-0142, ASD Information Security Manual (ISM)

Report Cryptographic Equipment Compromises Promptly

Notify security officers quickly if cryptographic equipment or keys might be compromised.


Plain language

This control is about reporting immediately if you think the devices or codes that protect your organisation's electronic information might have been compromised. This matters because if a malicious actor gains access to your secure communications or data, they could steal sensitive information, causing significant harm to your business's reputation and operations.

Framework

ASD Information Security Manual (ISM)

Control effect

Responsive

Classifications

NC, OS, P, S, TS

ISM last updated

May 2023

Control Stack last updated

19 Mar 2026

E8 maturity levels

N/A

Official control statement

The compromise or suspected compromise of cryptographic equipment or associated keying material is reported to the chief information security officer, or one of their delegates, as soon as possible after it occurs.

Why it matters

Failure to promptly report compromised cryptographic equipment or keying material can allow continued exposure of protected data and unauthorised access.


Operational notes

Train staff to recognise crypto equipment/key compromise indicators and report immediately to the CISO (or delegate) using defined incident channels.


Implementation tips

  • Business owners should educate all staff on recognising the signs of compromised cryptographic equipment or keys, such as unexpected malfunctions or unauthorised access alerts. This can be done through regular training sessions where employees learn what to watch for and how to report it promptly.
  • The IT manager should establish a clear communication channel that all staff can use to report potential compromises. This might involve setting up a dedicated email address or phone line and ensuring that all staff know how to use these channels.
  • The chief information security officer (CISO) or their delegate should ensure that any reported compromise is logged immediately. This could be done using a standard incident log template that captures essential details like the time of report, nature of the suspected compromise, and any initial actions taken.
  • Managers should work with their teams to conduct regular reviews of any cryptographic equipment to ensure it is functioning correctly and not showing signs of compromise. This can involve routine checks and scheduled maintenance tasks that are documented and shared with the CISO.
  • In the event of a suspected compromise, the CISO should have an action plan that outlines the immediate steps to take. This plan might include isolating affected equipment, conducting a preliminary assessment, and planning communication to affected parties.

Audit / evidence tips

  • Ask: The incident log of reported cryptographic compromises. Check to see that the log includes dates, details of the suspected compromise, and actions taken. Good: Clearly shows regular and prompt entries with specific follow-up actions recorded.
  • Good: Is evidence that these records are maintained and demonstrable reports have been made.
  • Ask: Them to describe how they handle suspected compromises. Good: Is a clear and consistent process where staff know whom to contact and the CISO can explain the subsequent steps taken.
  • Good: Session includes interactive elements and practical examples that help staff understand what to do in real situations.
  • Good: Is evidence of ongoing maintenance with a record of any identified issues and their resolution.

Cross-framework mappings

How ISM-0142 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Partially meets (1)
  • Annex A 6.8: ISM-0142 requires organisations to report compromise or suspected compromise of cryptographic equipment or keying material to the CISO (o...

Partially overlaps (1)
  • Annex A 8.24: Annex A 8.24 requires rules for cryptography use and key management, including handling events that may impact key/material confidentiali...

E8

Partially meets (3)

Partially overlaps (3)

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
