Use Evaluated Peripheral Switches Securely
Use verified switches to safely share devices between different computer systems.
Plain language
This control is about using approved switches to connect your devices to different computer systems securely. It matters because if you use an unapproved switch, there is a risk of accidentally allowing sensitive information to move between systems that should remain separate, which could lead to data breaches.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Evaluated peripheral switches are used when sharing peripherals between systems.
Why it matters
Using non-evaluated switches for shared peripherals can lead to unintended data leaks between isolated systems, risking sensitive data exposure.
Operational notes
Regularly verify any peripheral switch used for shared devices is evaluated/approved, and replace non-evaluated units to prevent cross-domain data transfer.
Implementation tips
- IT team should choose evaluated peripheral switches: Identify switches that have been examined and approved by trusted authorities or standards. This can be done by referencing lists provided by the Australian Cyber Security Centre (ACSC) to ensure that the switches meet security standards.
- Procurement staff should buy only verified switches: Always purchase peripheral switches from reputable suppliers who provide devices with verified security credentials. Make sure to check for compliance certificates or endorsements from official cyber security bodies.
- System administrators should configure the switches properly: Set up the switches so they only allow necessary connections and block any unauthorised access. They should follow setup instructions from the manufacturer alongside security guidelines from the ACSC.
- Train employees on proper use: Office managers should organise training sessions for staff on how to correctly use the peripheral switches, highlighting the importance of maintaining the security settings and why it’s risky to switch devices without approval.
- Conduct regular security reviews: The IT security team should routinely check that all peripheral switches in use are still compliant with the latest security updates and guidelines. This involves reviewing logs and testing connections to ensure no unintended data pathways exist.
Audit / evidence tips
- AskThe approved equipment list: Request documentation listing all peripheral switches in use GoodWill show only switches that have been verified and no use of non-compliant models
- AskTo see the procurement records: Request records or receipts of purchasing transactions for peripheral switches GoodDisplays complete documentation showing compliance checks
- AskConfiguration settings: Request current configuration files for installed peripheral switches GoodShows secure setups with no unauthorized pathways
- AskTraining logs: Request the training schedule and attendance records for sessions on secure switch usage GoodProvides thorough training records with feedback collected from participants
- AskRecent security review reports: Request the latest reports on security assessments of peripheral switches GoodIncludes a documented assessment and resolution of any found issues
Cross-framework mappings
How ISM-0591 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (2) expand_less | ||
| Annex A 8.1 | ISM-0591 requires organisations to use evaluated peripheral switches when sharing peripherals between systems to prevent security breache... | |
| Annex A 8.27 | ISM-0591 requires using evaluated peripheral switches to minimise risks of cross-system compromise, which is a specific application under... | |
| handshake Supports (3) expand_less | ||
| Annex A 8.9 | ISM-0591 requires the use of specific evaluated peripheral switches to define a security hardware configuration, supporting Annex A 8.9 (... | |
| Annex A 8.12 | ISM-0591 specifies the use of evaluated peripheral switches to mitigate the risk of data leakage or unauthorized command execution across... | |
| Annex A 8.22 | ISM-0591 mandates that evaluated peripheral switches be used to prevent shared devices from bridging segregated systems, thereby supporti... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.