Inspecting and Filtering Data with Gateways
Gateways check and filter data to ensure only safe data passes through the network.
Plain language
Gateways are like checkpoints in your network that inspect the flow of data to make sure only safe information gets through. This is important because without these checks, harmful data could enter your network and compromise your systems, leading to data theft or operational disruptions.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Gateways inspect and filter data flows at the transport and above network layers.
Why it matters
Without gateway inspection and filtering at transport layers and above, malicious or unauthorised traffic can reach internal services, causing compromise and data loss.
Operational notes
Review gateway L4/L7 inspection policies (e.g., protocol validation, allowed ports, application controls), tune rules from log alerts, and update signatures/rulesets.
Implementation tips
- Small business owners should work with their IT team to identify where gateways need to be placed in the network. Make sure these gateways are set up at entry and exit points of the network, so all data going in and out is checked.
- IT teams should configure the gateways to automatically block any data identified as a threat. This involves using tools that detect known problematic patterns in data, and setting rules in the gateway to prevent them from passing through.
- Managers should plan for regular updates of the gateway's software to ensure they can detect the latest threats. Work with IT vendors to receive timely updates and apply them promptly to the system.
- Office managers should establish a protocol for monitoring the gateway's activity logs. Ensure a designated person reviews these logs daily to spot any suspicious activity, like repeated access attempts or unusual data flows.
- Board members should ensure there is a policy requiring all staff to report unexpected or suspicious network activity immediately. Conduct training to make staff aware of what behaviours to report, and how to communicate these effectively.
Audit / evidence tips
-
Askthe network diagram showing gateway placement: Request a visual map of the network that highlights all locations where gateways are implemented
GoodClear diagrams showing gateways at all entry and exit points
-
Askthe configuration rules set on the gateways: Request documentation or screenshots showing the specific rules that govern data filtering
GoodRecent, detailed rules aligned with known threats and updated within the last quarter
-
Aska log of security incidents related to data entry: Request a report of past security events that involved the inflow or outflow of data through the gateway
GoodLogs showing timely action taken on incidents, with learnings applied
-
Askevidence of gateway software updates: Request records or confirmation of the latest gateway software versions and their update dates
GoodRegular updates in line with manufacturer recommendations, applied within the last month
-
Askstaff training records on reporting network threats: Request documentation or records of training sessions conducted for staff about network threat identification
GoodCompleted training logs from the last six months, covering threat identification and response procedures
Cross-framework mappings
How ISM-1192 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 8.20 | ISM-1192 requires gateways to inspect and filter data flows at the transport layer and above to control what traverses network boundaries | |
| sync_alt Partially overlaps (1) expand_less | ||
| Annex A 8.12 | ISM-1192 requires gateways to inspect and filter data flows at the transport layer and above to prevent unsafe or unauthorised content tr... | |
| handshake Supports (1) expand_less | ||
| Annex A 5.14 | ISM-1192 requires gateways to inspect and filter data flows at the transport layer and above to enforce what is permitted to traverse net... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.