Block Malicious or Uninspectable Files
Block files that are flagged as harmful or that cannot be scanned, to prevent threats.
Plain language
This control is about blocking harmful files or those that can't be checked for safety before they can get into your systems. It's important because if dangerous files make it through, they can damage your data, slow down your operations, or even harm your reputation if customer information is compromised.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Files identified by content filtering checks as malicious, or that cannot be inspected, are blocked.
Why it matters
If malicious or uninspectable files aren’t blocked, malware can bypass scanning (e.g., encrypted archives) and compromise systems and data.
Operational notes
Configure gateways to deny/quarantine files that fail inspection (encrypted/passworded archives, unknown types) and keep signatures/rules current.
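The fail-closed decision described above, as an added example that is not part of the ISM or of any gateway product: a file is allowed only after every layer has been inspected, and encrypted archive entries, unknown types and unreadable archives are blocked. The allow-list, the limits, `demo_scan` and `inspect` are hypothetical names and values chosen for illustration.

```python
import io
import zipfile
import zlib

# Constructed allow-list of magic bytes; a real gateway has its own type policy.
ALLOWED_MAGIC = {b"%PDF-": "pdf", b"\x89PNG\r\n\x1a\n": "png", b"PK\x03\x04": "zip"}
MAX_DEPTH = 3                  # deeper nesting is treated as uninspectable
MAX_MEMBER_BYTES = 10 * 2**20  # larger members are treated as uninspectable


def demo_scan(data: bytes) -> bool:
    """Stand-in for the content filter's malware check (constructed marker)."""
    return b"CONSTRUCTED-BAD-MARKER" in data


def inspect(data: bytes, scan=demo_scan, depth: int = 0):
    """Return (verdict, reason); verdict is "allow" only after full inspection."""
    kind = next((k for m, k in ALLOWED_MAGIC.items() if data.startswith(m)), None)
    if kind is None:
        return "block", "unknown file type"
    if scan(data):
        return "block", "flagged as malicious"
    if kind != "zip":
        return "allow", "inspected"
    if depth >= MAX_DEPTH:
        return "block", "archive nested too deeply to inspect"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                    return "block", f"encrypted entry: {info.filename}"
                if info.is_dir():
                    continue
                if info.file_size > MAX_MEMBER_BYTES:
                    return "block", f"entry too large to inspect: {info.filename}"
                verdict, reason = inspect(zf.read(info), scan, depth + 1)
                if verdict == "block":
                    return "block", f"{info.filename}: {reason}"
    except (zipfile.BadZipFile, NotImplementedError, RuntimeError,
            OSError, EOFError, zlib.error) as exc:
        return "block", f"archive unreadable: {type(exc).__name__}"
    return "allow", "inspected"


if __name__ == "__main__":
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:  # constructed sample archive
        zf.writestr("report.pdf", b"%PDF-1.7 constructed sample")
        zf.writestr("notes.txt", b"plain text is not on the allow-list")
    print(inspect(buf.getvalue()))
```

The returned reason string is what would go into the blocked-file log that the audit tips ask for.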
Implementation tips
- IT team should set up content filtering: Use software that automatically checks and blocks files flagged as harmful. Choose a program that regularly updates its list of threats and automatically stops any file it can't check for safety.
- Office manager should create a file policy: Establish rules on what kinds of files can be received or downloaded. Train staff to recognise suspicious files and remind them to adhere strictly to these rules.
- System owner should review and update: Schedule regular checks of the content filtering settings to ensure they are up to date. Make improvements based on current threat trends to ensure harmful files are effectively blocked.
- HR should conduct awareness training: Educate employees on recognising and reporting suspicious files. Use real-life examples to demonstrate the risks of unscanned or malicious files to the team.
- Procurement should vet software vendors: When buying software, ensure the vendors provide solutions that meet content filtering needs. Prioritise those who offer strong support and regular updates to their products.
Audit / evidence tips
- Ask: the content filtering configuration report: Request documentation on how incoming files are filtered and blocked
  Good: A detailed report showing file types blocked, update frequency, and any exceptions
- Ask: training records: Request evidence of staff training on recognising malicious files
  Good: Records showing all staff trained and regular updates given
- Ask: incident logs: Request logs of blocked files and any incidents arising from bypassed threats
  Good: Clear log showing frequency and handling of blocked files
- Ask: policy documents: Request the organisation's policy on file handling and safety protocols
  Good: A policy that explicitly lists allowed file types and staff responsibilities
- Ask: vendor contracts: Request contracts or agreements with software vendors providing filtering solutions
  Good: Contracts indicating regular updates and strong vendor support
Cross-framework mappings
How ISM-0651 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.7 | ISM-0651 requires organisations to block files identified as malicious by content filtering checks, and to block files that cannot be ins... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.