Approval Required for High Assurance IT Equipment Labelling
Seek approval before labelling high assurance IT equipment to ensure security standards.
Plain language
Before putting labels on high-security IT equipment, you need to get approval from the Australian Signals Directorate (ASD). This is vital because incorrect labelling can lead to security risks, such as equipment being misused or targeted by cyber attackers.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
S, TS
ISM last updated
May 2024
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Section
IT equipment usageOfficial control statement
ASD's approval is sought before applying labels to external surfaces of high assurance IT equipment.
Why it matters
Applying labels to external surfaces without ASD approval may reveal device assurance level, increasing targeting and risking compromise.
Operational notes
Before placing any external label on high assurance IT equipment, confirm and record ASD approval and use only the approved wording/format.
Implementation tips
- IT staff should identify equipment that requires high assurance labelling. Make a list of your IT equipment and determine which items are classified as high assurance by consulting organisational policy or ASD guidelines.
- System owners should prepare documentation for each high assurance equipment. Document what the equipment is, its purpose, and why it requires special labelling according to ASD standards.
- The compliance officer should submit the labelling documentation to ASD for approval. Create a formal request with all necessary paperwork and send it to ASD, making sure all arguments for labelling are clear and well-documented.
- IT managers should develop a process for labelling approved equipment. Once approval is received, devise a foolproof method for applying labels so they adhere properly and stay on securely without damaging the equipment.
- Procurement officers should keep track of all labelled equipment. Use an inventory system to ensure every piece of high assurance machinery with a label is accounted for, focusing on ensuring each label remains intact and visible.
Audit / evidence tips
- AskThe equipment labelling request submitted to ASD GoodShows all fields completed correctly and a clear reason provided for labelling
- GoodIs a formal document or email showing ASD's approval with equipment details
- AskHow they ensure only ASD-approved labelling is on high assurance equipment GoodIncludes methods for verifying labelled equipment matches ASD approvals and is randomly checked regularly
- GoodShows labels are intact, legible, and situated in accordance with ASD guidelines
- GoodShows consistent records dating back to the initial approval by ASD with regular updates
Cross-framework mappings
How ISM-0296 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| sync_alt Partially overlaps (1) expand_less | ||
| Annex A 5.13 | ISM-0296 requires an organisation to seek ASD approval before applying any labels to the external surfaces of high assurance IT equipment... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.