Terminate Cables Outside Cabinets in Secure Areas
In top secret areas, cables must end at the cabinet's edge unless in server or communications rooms.
Plain language
In areas where top-secret information is handled, it's crucial that cables are managed carefully. This control means that if the cables aren't within a server or communications room, they should be stopped right at the cabinet's edge to avoid security risks. If this isn't done, sensitive information could be tapped or intercepted by unauthorised parties, which could lead to data breaches and serious consequences for your organisation.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2021
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Section
Cabling infrastructureOfficial control statement
In TOP SECRET areas, cable reticulation systems leading into cabinets not in server rooms or communications rooms are terminated at the boundary of the cabinet.
Why it matters
If cables are not terminated at the cabinet boundary in TOP SECRET areas, tapping or rerouting within the reticulation can expose TOP SECRET data and enable unauthorised access.
Operational notes
Inspect TOP SECRET secure areas to confirm reticulation cables are terminated at the cabinet boundary for cabinets outside server/comms rooms, and rectify any cable runs entering cabinets un-terminated.
Implementation tips
- IT team should inspect existing installations: Review all the cable installations in areas dealing with top-secret information. Check where the cables are terminated and ensure they stop at the cabinet's boundary if they are outside of server or communications rooms.
- Facilities manager should plan with IT staff: Collaborate to design cabling plans that meet this control during renovations or new installations. Ensure that new cables are routed into cabinets only through permitted areas.
- Security officer should verify cable routes: Conduct regular checks on the physical pathways of cables leading into cabinets. Use diagrams or walk-throughs to ensure they comply with the control requirements.
- IT team should document cabling compliance: Keep a detailed log of where cables are terminated in secure areas. This document should be periodically reviewed and updated to reflect changes or upgrades.
- Training coordinator should educate staff: Provide training sessions for staff involved in cable management about the importance of this control and its compliance requirements. Use real-world examples to illustrate potential risks of non-compliance.
Audit / evidence tips
-
Askcabling diagrams and termination logs: Request up-to-date layouts of cable installations in relevant secure areas
Goodshows all cables ending at cabinet boundaries in non-server locations
-
Askto see recent inspection reports: Request records of the most recent physical inspection conducted by security or IT staff
Goodincludes identified issues and clear resolution steps
-
Askstaff training records: Request documentation of training sessions conducted on this control
Goodshows comprehensive details of training with high participation rates
-
Askto review change management records: Request records of changes made to cable systems in secure areas
Goodcontains authorised signatures and clear compliance considerations
-
Askcompliance review schedules: Request information on the scheduled and completed compliance reviews
Goodincludes regular review dates and prompt corrective actions if needed
Cross-framework mappings
How ISM-1103 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (2) expand_less | ||
| Annex A 7.6 | ISM-1103 mandates a specific physical security measure for TOP SECRET secure areas: terminating cabling at the cabinet boundary when cabi... | |
| Annex A 7.12 | ISM-1103 requires that, in TOP SECRET areas, cable reticulation systems leading into cabinets (outside server/communications rooms) are t... | |
| handshake Supports (1) expand_less | ||
| Annex A 7.1 | Annex A 7.1 requires organisations to define and use physical security perimeters to protect areas containing information and associated ... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.