Ensure Cables Are Not Salmon Pink or Red
Do not use salmon pink or red for non-classified, sensitive, or protected cables.
Plain language
When setting up your network cables, make sure they're not coloured salmon pink or red if they're for everyday use and not intended for classified, sensitive, or protected information. This matters as certain colour codes are reserved for specific purposes, and using these colours wrongly can lead to confusion or accidental mishandling of sensitive data.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P
ISM last updated
Nov 2024
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Section
Cabling infrastructureTopic
Cable ColoursOfficial control statement
Non-classified, OFFICIAL: Sensitive and PROTECTED cables are coloured neither salmon pink nor red.
Why it matters
Using salmon pink or red cables for non-classified, OFFICIAL: Sensitive or PROTECTED links can cause misidentification and increase mishandling risk.
Operational notes
Inspect cabling periodically to confirm salmon pink/red are not used for non-classified, OFFICIAL: Sensitive or PROTECTED runs. Set procurement rules to block these colours.
Implementation tips
- IT team should review existing cabling: Conduct an audit of all current cables in use to check if any are salmon pink or red and replace them as necessary. Use a checklist to ensure all office areas are covered during the inspection.
- Procurement should source compliant cables: When purchasing new cables, ensure they are not salmon pink or red unless specifically required for classified systems. Request sample swatches from suppliers to confirm compliance before ordering.
- Office managers should educate staff: Organise a short briefing with employees about cable colour codes and their importance. Use visual aids like charts showing acceptable cable colours and distribute a one-page guide for quick reference.
- Facility managers should label network cables: Consistently label all network cables by their function and purpose, avoiding salmon pink and red for non-sensitive uses. Use colour coding charts to match labels to the correct colours.
- Compliance officers should update policies: Ensure internal policies reflect this control by including a section on cable colour coding for all new installations and upgrades. Review the policies with relevant team leads to guarantee understanding and adherence.
Audit / evidence tips
-
Askthe cable inventory list: Request documentation showing the inventory of all network cables in current use within the organisation
Goodis a complete list showing no use of salmon pink or red for non-sensitive cables
-
Askthe procurement records: Review procurement documentation for recent cable purchases
Goodshows no salmon pink or red cables ordered for non-sensitive data
-
Askstaff training records: Request records of training sessions or briefings given to staff regarding cable colour policies
Goodshows completed training with clear focus on adhering to the colour scheme
-
Aska sample of labelled cables: Visit the facility and request to inspect an area of the network cabling
Goodis that all network and patch cables follow the colour guidelines with no salmon pink or red used incorrectly
-
Askthe colour coding policy document: Request the internal policy that dictates cable colour usage in the organisation
Goodincludes a well-defined policy that limits red and salmon pink to specific, authorised uses only
Cross-framework mappings
How ISM-0926 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (2) expand_less | ||
| Annex A 5.13 | ISM-0926 mandates a specific labelling/identification convention by prohibiting salmon pink and red for certain sensitivity/classificatio... | |
| Annex A 7.12 | ISM-0926 requires that non-classified, OFFICIAL: Sensitive and PROTECTED cables are not coloured salmon pink or red, to avoid misidentifi... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.