Use ESP Protocol for Secure IPsec Connections
The ESP protocol is needed to encrypt and authenticate IPsec connections securely.
Plain language
This control is about using the ESP (Encapsulating Security Payload) protocol to secure communications over the internet. It matters because, without the right protection, your data could be intercepted and read by the wrong people, leading to loss of privacy or exposure of sensitive information.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
The ESP protocol is used for authentication and encryption of IPsec connections.
Why it matters
Without ESP, IPsec traffic may lack encryption/authentication, enabling interception or tampering and exposing sensitive data in transit.
Operational notes
Regularly confirm IPsec tunnels use ESP (not AH) with approved ciphers and integrity checks; review configs after changes and test to detect fallback to insecure settings.
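One way to carry out the check described above on a Linux IPsec endpoint, as an added example that is not part of this control page or of Control Stack's material: the script below parses the output of `ip xfrm state` (which lists each security association with its `proto`, `mode`, `enc`, `auth-trunc` or `aead` algorithm) and flags SAs that use AH instead of ESP, ESP with a null cipher or no integrity algorithm, or an algorithm outside an approved list. The sample output, the addresses and the `WEAK_ALGS` set are constructed placeholders; the set in particular must be replaced with the organisation's own approved-algorithm list.

```python
import re

# Constructed sample of `ip xfrm state` output (not captured from a real host).
# SA 1: ESP with AES-GCM (AEAD, acceptable).
# SA 2: AH only, no encryption (fails the control).
# SA 3: ESP with 3DES-CBC and HMAC-MD5 (weak algorithms).
SAMPLE = """\
src 203.0.113.10 dst 198.51.100.20
\tproto esp spi 0x0a1b2c3d reqid 1 mode tunnel
\treplay-window 32 flag af-unspec
\taead rfc4106(gcm(aes)) 0x00112233445566778899aabbccddeeff0011223344556677 128
src 198.51.100.20 dst 203.0.113.10
\tproto ah spi 0x11223344 reqid 2 mode tunnel
\treplay-window 32 flag af-unspec
\tauth-trunc hmac(sha1) 0x0123456789abcdef0123456789abcdef01234567 96
src 192.0.2.5 dst 192.0.2.6
\tproto esp spi 0x55667788 reqid 3 mode transport
\treplay-window 32 flag af-unspec
\tauth-trunc hmac(md5) 0x00112233445566778899aabbccddeeff 96
\tenc cbc(des3_ede) 0x00112233445566778899aabbccddeeff0011223344556677
"""

# Placeholder list of algorithms treated as not approved. Replace with the
# organisation's approved-algorithm list before using this in an audit.
WEAK_ALGS = {"hmac(md5)", "cbc(des)", "cbc(des3_ede)", "ecb(cipher_null)"}

SA_RE = re.compile(r"src (\S+) dst (\S+)")
PROTO_RE = re.compile(r"proto (\S+) spi (\S+) reqid (\S+) mode (\S+)")


def parse_xfrm_state(text):
    """Split `ip xfrm state` output into one dict per security association."""
    sas = []
    cur = None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if line.startswith("src "):
            m = SA_RE.match(stripped)
            cur = {"src": m.group(1), "dst": m.group(2), "proto": None, "spi": None,
                   "mode": None, "auth": None, "enc": None, "aead": None}
            sas.append(cur)
        elif cur is None:
            continue  # ignore anything before the first SA header
        elif stripped.startswith("proto "):
            m = PROTO_RE.match(stripped)
            cur["proto"], cur["spi"], cur["mode"] = m.group(1), m.group(2), m.group(4)
        elif stripped.startswith(("auth-trunc ", "auth ")):
            cur["auth"] = stripped.split()[1]
        elif stripped.startswith("enc "):
            cur["enc"] = stripped.split()[1]
        elif stripped.startswith("aead "):
            cur["aead"] = stripped.split()[1]
    return sas


def audit(sas, weak=WEAK_ALGS):
    """Return (sa_label, finding) pairs for SAs that do not satisfy the control."""
    findings = []
    for sa in sas:
        label = f"{sa['src']}->{sa['dst']} spi {sa['spi']}"
        if sa["proto"] != "esp":
            # AH authenticates but never encrypts, so it cannot satisfy ISM-0496.
            findings.append((label, f"protocol is {sa['proto']}, not ESP: no confidentiality"))
            continue
        if sa["aead"]:
            # AEAD modes provide both encryption and integrity in one algorithm.
            if sa["aead"] in weak:
                findings.append((label, f"weak AEAD algorithm {sa['aead']}"))
            continue
        if not sa["enc"] or sa["enc"] == "ecb(cipher_null)":
            findings.append((label, "ESP without encryption (null cipher)"))
        elif sa["enc"] in weak:
            findings.append((label, f"weak cipher {sa['enc']}"))
        if not sa["auth"]:
            findings.append((label, "ESP without integrity protection"))
        elif sa["auth"] in weak:
            findings.append((label, f"weak integrity algorithm {sa['auth']}"))
    return findings


if __name__ == "__main__":
    for label, finding in audit(parse_xfrm_state(SAMPLE)):
        print(f"{label}: {finding}")
```

On a real host the input would come from `ip xfrm state` run with sufficient privilege; feeding its output through `parse_xfrm_state` and `audit` after each configuration change gives a quick way to detect a tunnel that has fallen back to AH, a null cipher, or an algorithm outside the approved list.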
Implementation tips
- The IT team should configure firewalls and routers to use the ESP protocol for all IPsec connections. This involves accessing the network’s hardware settings and specifically enabling ESP, which provides both encryption and data integrity checks.
- System administrators need to check that all devices capable of connecting to the network support the ESP protocol. They should create a checklist of devices and confirm their compatibility with ESP through user manuals or online specifications.
- Network managers should regularly update and patch systems to ensure continued compatibility with the latest ESP protocol standards. Set a reminder to check for updates from vendors and apply them promptly.
- IT security officers should conduct training sessions to educate staff on the importance of using secure connections, including how ESP strengthens IPsec. Use simple scenarios to show how data could be exposed without it.
- IT teams should collaborate with external partners to ensure that any third-party connections also utilise the ESP protocol. This can be done through regular meetings and documentation exchange to verify mutual compliance.
Audit / evidence tips
- Ask for: the network configuration documentation. Request detailed settings for firewalls and routers that show ESP is enabled. Good evidence: confirmed settings showing ESP is actively used.
- Ask for: a device compatibility list. Request documentation validating each device's support for ESP. Good evidence: an up-to-date list showing all network devices supporting ESP.
- Ask for: system update schedules. Request documentation of system patch schedules to ensure updates are applied. Good evidence: a regularly maintained schedule with recent completion dates.
- Ask for: training materials. Request copies of materials used in staff training sessions about secure connections. Good evidence: material that explains why and how ESP is used, with attended participant lists.
- Ask for: communications with third-party partners. Request records of agreements or meeting notes regarding the use of ESP in shared systems. Good evidence: records showing clear, mutual agreement on ESP implementation.
Cross-framework mappings
How ISM-0496 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
Partially meets (1)
| Control | Notes |
|---|---|
| Annex A 8.24 | ISM-0496 requires the ESP protocol to be used to provide encryption and authentication for IPsec connections |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.