Use ESP Protocol for Secure IPsec Connections
ESP protocol is needed to securely encrypt and authenticate IPsec connections.
🏛️ Framework
ASD Information Security Manual (ISM)
🧭 Control effect
Preventative
🔐 Classifications
NC, OS, P, S, TS
🗓️ ISM last updated
Feb 2022
✏️ Control Stack last updated
19 Mar 2026
🎯 E8 maturity levels
N/A
The ESP protocol is used for authentication and encryption of IPsec connections.
Source: ASD Information Security Manual (ISM)
Plain language
This control is about using the ESP (Encapsulating Security Payload) protocol to secure communications over the internet. It matters because, without the right protection, your data could be intercepted and read by the wrong people, leading to loss of privacy or exposure of sensitive information.
Why it matters
Without ESP, IPsec traffic may lack encryption/authentication, enabling interception or tampering and exposing sensitive data in transit.
Operational notes
Regularly confirm IPsec tunnels use ESP (not AH) with approved ciphers and integrity checks; review configs after changes and test to detect fallback to insecure settings.
Implementation tips
- The IT team should configure firewalls and routers to use the ESP protocol for all IPsec connections. This involves accessing the network’s hardware settings and specifically enabling ESP, which provides both encryption and data integrity checks.
- System administrators need to check that all devices capable of connecting to the network support the ESP protocol. They should create a checklist of devices and confirm their compatibility with ESP through user manuals or online specifications.
- Network managers should regularly update and patch systems to ensure continued compatibility with the latest ESP protocol standards. Set a reminder to check for updates from vendors and apply them promptly.
- IT security officers should conduct training sessions to educate staff on the importance of using secure connections, including how ESP strengthens IPsec. Use simple scenarios to show how data could be exposed without it.
- IT teams should collaborate with external partners to ensure that any third-party connections also utilise the ESP protocol. This can be done through regular meetings and documentation exchange to verify mutual compliance.
Audit / evidence tips
-
Ask: the network configuration documentation: Request detailed settings for firewalls and routers that show ESP is enabled
Good: is confirmed settings showing ESP is actively used
-
Ask: a device compatibility list: Request documentation validating each device's support for ESP
Good: is having an up-to-date list showing all network devices supporting ESP
-
Ask: system update schedules: Request documentation of system patch schedules to ensure updates are applied
Good: is a regularly maintained schedule with recent completion dates
-
Ask: training materials: Request copies of materials used in staff training sessions about secure connections
Good: is material that explains why and how ESP is used, with attended participant lists
-
Ask: communications with third-party partners: Request records of agreements or meeting notes regarding the use of ESP in shared systems
Good: is records showing clear, mutual agreement on ESP implementation
Cross-framework mappings
How ISM-0496 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | ||
| Annex A 8.24 | ISM-0496 requires the ESP protocol to be used to provide encryption and authentication for IPsec connections | |