Approval Required for High Assurance IT Equipment Labelling
Seek approval before labelling high assurance IT equipment to ensure security standards.
🏛️ Framework
ASD Information Security Manual (ISM)
🧭 Control effect
Preventative
🔐 Classifications
S, TS
🗓️ ISM last updated
May 2024
✏️ Control Stack last updated
22 Feb 2026
🎯 E8 maturity levels
N/A
Section
IT equipment usageASD's approval is sought before applying labels to external surfaces of high assurance IT equipment.
Source: ASD Information Security Manual (ISM)
Plain language
Before putting labels on high-security IT equipment, you need to get approval from the Australian Signals Directorate (ASD). This is vital because incorrect labelling can lead to security risks, such as equipment being misused or targeted by cyber attackers.
Why it matters
Applying labels to external surfaces without ASD approval may reveal device assurance level, increasing targeting and risking compromise.
Operational notes
Before placing any external label on high assurance IT equipment, confirm and record ASD approval and use only the approved wording/format.
Implementation tips
- IT staff should identify equipment that requires high assurance labelling. Make a list of your IT equipment and determine which items are classified as high assurance by consulting organisational policy or ASD guidelines.
- System owners should prepare documentation for each high assurance equipment. Document what the equipment is, its purpose, and why it requires special labelling according to ASD standards.
- The compliance officer should submit the labelling documentation to ASD for approval. Create a formal request with all necessary paperwork and send it to ASD, making sure all arguments for labelling are clear and well-documented.
- IT managers should develop a process for labelling approved equipment. Once approval is received, devise a foolproof method for applying labels so they adhere properly and stay on securely without damaging the equipment.
- Procurement officers should keep track of all labelled equipment. Use an inventory system to ensure every piece of high assurance machinery with a label is accounted for, focusing on ensuring each label remains intact and visible.
Audit / evidence tips
-
Ask: the equipment labelling request submitted to ASD
Good: shows all fields completed correctly and a clear reason provided for labelling
-
Good: is a formal document or email showing ASD's approval with equipment details
-
Ask: how they ensure only ASD-approved labelling is on high assurance equipment
Good: includes methods for verifying labelled equipment matches ASD approvals and is randomly checked regularly
-
Good: shows labels are intact, legible, and situated in accordance with ASD guidelines
-
Good: shows consistent records dating back to the initial approval by ASD with regular updates
Cross-framework mappings
How ISM-0296 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially overlaps (1) | ||
| Annex A 5.13 | ISM-0296 requires an organisation to seek ASD approval before applying any labels to the external surfaces of high assurance IT equipment... | |