High Assurance Evaluation for Diode Gateways
Ensure that data diodes used for secure data flow in sensitive networks undergo thorough high assurance evaluation.
Plain language
This control is about making sure that special devices called diodes, which only allow data to flow in one direction between very secure networks and the public internet, are properly checked for security. If these diodes aren't thoroughly evaluated, unauthorised data could leak out of secure networks or harmful data could enter, risking sensitive information and network security.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Evaluated firewalls are used between networks belonging to different security domains.
Why it matters
Improper evaluation of diode gateways can lead to unauthorised data leakage or harmful data ingress, risking sensitive network integrity.
Operational notes
Periodically verify evaluated firewall/diode configurations and re-check evaluation status after changes to ensure secure one-way data flow between security domains.
Implementation tips
- The IT team should identify all existing unidirectional gateways in the network and their related diodes. This can be done by reviewing network diagrams and confirming with network administrators which connections are using diodes.
- System owners and security officers should work together to select a trusted vendor for diode evaluation. They should consider vendors with Australian Signals Directorate (ASD) certification or similar high security credentials.
- IT managers should ensure regular assessments of diode functionality. This involves scheduling routine checks where engineers test and confirm that the diodes are operating as intended, allowing data flow in only one direction.
- The procurement team should include high assurance evaluation criteria in purchase contracts for diodes. They should specify the requirements for security testing and checks that the vendor needs to meet.
- Security auditors should establish a review process for diode evaluation reports. They should collect and verify these reports regularly, ensuring all tests are documented and any issues are addressed promptly.
Audit / evidence tips
- Ask for: the list of systems using diode gateways with security classifications. Request documentation that identifies where unidirectional diodes are in place and the sensitivity level of each connected network. Good evidence: shows comprehensive records linking diodes to SECRET or TOP SECRET networks.
- Ask for: the vendor evaluation reports. Request the most recent evaluation results from the diode vendor. Good evidence: includes detailed assessments covering security aspects and assurance levels.
- Ask for: records of functional testing. Request documentation of routine checks performed on diode operations. Good evidence: shows regular tests with documented pass results and corrective actions if issues were found.
- Ask for: the procurement policy documentation. Request the procurement policy that specifies security requirements for diode evaluations. Good evidence: contains explicit requirements aligned with high security standards.
- Ask for: audit logs of diode gateways. Request logs showing access to networks through diode-controlled gateways. Good evidence: demonstrates controlled, unidirectional data flow with no exception logs.
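The functional testing in the implementation tips and the audit-log evidence item above both come down to one question: does the log of a diode-controlled gateway show traffic in the permitted direction only? The script below is an added example written for this page, not code from Control Stack, ASD or any diode vendor. It assumes a constructed flow-log format (one record per line with `src_zone`, `dst_zone`, `src`, `dst`, `bytes` and `action` fields) and assumed zone names `LOW` and `HIGH`; a real gateway's export format will differ, so the parser is the part an auditor would adapt.

```python
"""Check flow-log records from a unidirectional (diode) gateway for
direction violations. Added example; log format and zone names are
assumptions, not taken from the ISM or from any product."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample log (not real data). Assumed format per line:
# <timestamp> src_zone=<zone> dst_zone=<zone> src=<ip> dst=<ip> bytes=<n> action=<allow|deny>
SAMPLE_LOG = """\
2026-03-19T10:00:01Z src_zone=LOW dst_zone=HIGH src=10.1.0.5 dst=10.9.0.20 bytes=51200 action=allow
2026-03-19T10:00:07Z src_zone=LOW dst_zone=HIGH src=10.1.0.6 dst=10.9.0.20 bytes=2048 action=allow
2026-03-19T10:01:14Z src_zone=HIGH dst_zone=LOW src=10.9.0.20 dst=10.1.0.5 bytes=0 action=deny
2026-03-19T10:02:30Z src_zone=HIGH dst_zone=LOW src=10.9.0.21 dst=10.1.0.9 bytes=1400 action=allow
2026-03-19T10:03:00Z src_zone=LOW dst_zone=DMZ src=10.1.0.7 dst=10.5.0.2 bytes=300 action=allow
"""


@dataclass
class FlowRecord:
    ts: str
    src_zone: str
    dst_zone: str
    src: str
    dst: str
    nbytes: int
    action: str


def parse_line(line: str) -> FlowRecord:
    """Parse one assumed-format record into a FlowRecord."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return FlowRecord(ts, kv["src_zone"], kv["dst_zone"], kv["src"],
                      kv["dst"], int(kv["bytes"]), kv["action"])


def parse_log(text: str) -> List[FlowRecord]:
    """Parse a whole log export, skipping blank lines."""
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


def check_unidirectional(records: List[FlowRecord],
                         allowed: Tuple[str, str]) -> Tuple[List[str], Dict[str, object]]:
    """Return (findings, summary) for the permitted direction `allowed`
    = (source zone, destination zone). A finding is any record that shows
    data moving against the permitted direction, or any zone pair the
    gateway should never see at all."""
    low, high = allowed
    findings: List[str] = []
    forward = reverse_denied = reverse_allowed = 0
    for r in records:
        if (r.src_zone, r.dst_zone) == (low, high):
            forward += 1
        elif (r.src_zone, r.dst_zone) == (high, low):
            # A reverse-direction record is only acceptable if it was denied
            # AND carried no payload; anything else is an exception.
            if r.action == "allow" or r.nbytes > 0:
                reverse_allowed += 1
                findings.append(f"{r.ts} reverse flow permitted "
                                f"{r.src}->{r.dst} ({r.nbytes} bytes)")
            else:
                reverse_denied += 1
        else:
            findings.append(f"{r.ts} unexpected zone pair "
                            f"{r.src_zone}->{r.dst_zone} {r.src}->{r.dst}")
    summary: Dict[str, object] = {
        "forward": forward,
        "reverse_denied": reverse_denied,
        "reverse_allowed": reverse_allowed,
        "pass": not findings,
    }
    return findings, summary


if __name__ == "__main__":
    found, summ = check_unidirectional(parse_log(SAMPLE_LOG), ("LOW", "HIGH"))
    print(summ)
    for f in found:
        print("EXCEPTION:", f)
```

On the constructed sample the check fails: one reverse-direction record was allowed with a non-zero byte count, and one record involves a zone the diode is not supposed to connect. A log that satisfies the "no exception logs" evidence item is one where `findings` is empty; the `reverse_denied` counter is kept separately because denied reverse attempts are expected behaviour for a firewall-style gateway but still worth reporting to the reviewer.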
Cross-framework mappings
How ISM-0639 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
Relationship: Supports (3 mappings)
| Control | Notes |
|---|---|
| Annex A 8.12 | ISM-0639 requires evaluated diode gateways/firewalls to control and constrain traffic between different security domains, primarily to re... |
| Annex A 8.20 | ISM-0639 addresses high-assurance evaluation and use of firewalls/diode gateways between different security domains |
| Annex A 8.22 | ISM-0639 requires the use of evaluated (high assurance) firewalls/diode gateway solutions when interconnecting networks in different secu... |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.