Contact ASD for Emanation Threat Assessment
Owners must ask ASD to assess security threats for high-security systems in fixed facilities.
🏛️ Framework
ASD Information Security Manual (ISM)
🧭 Control effect
Proactive
🔐 Classifications
S, TS
🗓️ ISM last updated
Nov 2023
✏️ Control Stack last updated
22 Feb 2026
🎯 E8 maturity levels
N/A
Section
Emanation securitySystem owners deploying SECRET or TOP SECRET systems within fixed facilities contact ASD for an emanation security threat assessment.
Source: ASD Information Security Manual (ISM)
Plain language
When you set up secure systems that deal with highly classified information in your organisation, like SECRET or TOP SECRET data, you must reach out to the Australian Signals Directorate (ASD) to check for potential security risks from electronic emissions. This matters because without this assessment, sensitive information could accidentally leak through technology like computers, leading to data breaches or unauthorised access that could damage your organisation's reputation and competitive edge.
Why it matters
Without an ASD emanation threat assessment, SECRET/TOP SECRET systems in fixed facilities may leak classified data via emissions.
Operational notes
Contact ASD to obtain and maintain an emanation threat assessment for SECRET/TOP SECRET fixed facilities, and track resulting mitigations to closure.
Implementation tips
- System owners should identify all systems within the organisation that handle SECRET or TOP SECRET information. Make a comprehensive list of these systems, noting down the types of information they handle and their physical locations in your facilities.
- System owners need to contact the ASD to request an emanation security threat assessment for each system identified. Visit the ASD website to find the appropriate contact information or seek guidance from your organisation's security advisor if available.
- Owners should coordinate with their IT team to gather technical details and prepare for the ASD assessment. Ensure that you have documented how the systems are set up, including any measures already in place to prevent emissions leaks.
- The IT team should accompany the system owner during the ASD assessment. This allows for detailed discussions about existing security controls and provides an opportunity to ask for any immediate advice or feedback from the ASD experts.
- After the assessment, system owners should work with the IT team to implement any recommendations provided by the ASD. Develop a follow-up action plan that prioritises critical actions and set timelines for completion, keeping records of all steps taken.
Audit / evidence tips
-
Ask: a copy of the list of systems handling SECRET or TOP SECRET information
Good: includes a dated list, reviewed recently, that accurately reflects current systems
-
Ask: any security reports issued by the ASD after their assessments. Review whether the reports identify specific risks and offer actionable recommendations
Good: report will clearly outline potential risks and suggest practical solutions or improvements
-
Good: action plan is well-structured with a timeline and accountability for follow-up
Cross-framework mappings
How ISM-1137 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially overlaps (2) | ||
| Annex A 7.1 | ISM-1137 necessitates contacting ASD for an emanation security threat assessment for high-security systems | |
| Annex A 7.6 | ISM-1137 requires system owners of SECRET or TOP SECRET systems to contact ASD for an emanation threat assessment | |
| Supports (1) | ||
| Annex A 5.5 | ISM-1137 requires system owners deploying SECRET or TOP SECRET systems in fixed facilities to contact ASD for an emanation security threa... | |