Consult ASD Before Changing CDS Connectivity
Consult ASD when adding connections to cross domain systems and follow their guidance.
Plain language
Before making any changes to how different computer systems communicate across boundaries, you need to consult with the Australian Signals Directorate (ASD). This is important because cross domain systems handle sensitive information, and improper connections can lead to data breaches or cyber attacks—potentially harming your business or reputation.
Framework
ASD Information Security Manual (ISM)
Control effect
Proactive
Classifications
S, TS
ISM last updated
Aug 2023
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for gatewaysSection
Cross Domain SolutionsOfficial control statement
When planning, designing, implementing or introducing additional connectivity to CDSs, ASD is consulted and any directions provided by ASD are complied with.
Why it matters
Unconsulted CDS connectivity changes can weaken cross-domain protections, risking classified data spillage and system compromise.
Operational notes
Before any CDS connectivity change, consult ASD early, document advice received, and implement all ASD directions before go-live.
Implementation tips
- System owners should contact the ASD before planning any new connections in cross domain systems. Reach out directly to ASD to discuss your plans and get their advice on necessary security measures.
- IT managers need to document the specific changes they propose and share this documentation with ASD. Describe what systems are involved, the purpose of the connection, and any existing security controls you have in place.
- Top management should assign a responsible person or team to coordinate with ASD. Ensure this team understands the importance of following ASD's guidance to maintain security and compliance.
- Procurement teams should verify that any new technology purchases align with ASD's recommendations. Ensure all suppliers or service providers understand and support compliance with ASD guidelines.
- Security officers must ensure that ASD's guidance is followed by incorporating their recommendations into the organisation's standard operating procedures. Conduct regular reviews to confirm adherence to these procedures.
Audit / evidence tips
-
Askcommunication records with ASD regarding new connections
Gooddetailed records showing ASD was consulted and their feedback was acknowledged
-
Goodincludes specifics such as the systems affected, reasons for changes, and security measures considered
-
Askthe procurement guidelines for technology related to cross domain systems
Goodis procurement processes that clearly incorporate ASD's recommendations
-
Goodprocedures that are regularly updated and reflect the latest ASD advice
Cross-framework mappings
How ISM-0597 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 8.32 | ISM-0597 requires that when an organisation plans, designs, implements or introduces additional connectivity to cross domain systems (CDS... | |
| handshake Supports (1) expand_less | ||
| Annex A 8.27 | ISM-0597 requires organisations to consult ASD and follow ASD directions when adding or changing connectivity to CDSs | |
| link Related (1) expand_less | ||
| Annex A 5.8 | Annex A 5.8 requires information security to be integrated into project management, including planning and design decisions that affect s... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.