ISM-1192 ASD Information Security Manual (ISM)

Inspecting and Filtering Data with Gateways

Gateways check and filter data to ensure only safe data passes through the network.

Preventative Non-classified OFFICIAL: Sensitive PROTECTED SECRET TOP SECRET ASD Information Security Manual Guidelines for gateways Network security Firewalls

🏛️ Framework

ASD Information Security Manual (ISM)

🧭 Control effect

Preventative

🔐 Classifications

NC, OS, P, S, TS

🗓️ ISM last updated

Feb 2022

✏️ Control Stack last updated

22 Feb 2026

🎯 E8 maturity levels

N/A

Guideline

Guidelines for gateways

Section

Gateways

Topic

Implementing Gateways

Official control statement

Gateways inspect and filter data flows at the transport and above network layers.

Source: ASD Information Security Manual (ISM)

Plain language

Gateways are like checkpoints in your network that inspect the flow of data to make sure only safe information gets through. This is important because without these checks, harmful data could enter your network and compromise your systems, leading to data theft or operational disruptions.

Why it matters

Without gateway inspection and filtering at transport layers and above, malicious or unauthorised traffic can reach internal services, causing compromise and data loss.

Operational notes

Review gateway L4/L7 inspection policies (e.g., protocol validation, allowed ports, application controls), tune rules from log alerts, and update signatures/rulesets.

Implementation tips

Small business owners should work with their IT team to identify where gateways need to be placed in the network. Make sure these gateways are set up at entry and exit points of the network, so all data going in and out is checked.
IT teams should configure the gateways to automatically block any data identified as a threat. This involves using tools that detect known problematic patterns in data, and setting rules in the gateway to prevent them from passing through.
Managers should plan for regular updates of the gateway's software to ensure they can detect the latest threats. Work with IT vendors to receive timely updates and apply them promptly to the system.
Office managers should establish a protocol for monitoring the gateway's activity logs. Ensure a designated person reviews these logs daily to spot any suspicious activity, like repeated access attempts or unusual data flows.
Board members should ensure there is a policy requiring all staff to report unexpected or suspicious network activity immediately. Conduct training to make staff aware of what behaviours to report, and how to communicate these effectively.

Audit / evidence tips

Ask: the network diagram showing gateway placement: Request a visual map of the network that highlights all locations where gateways are implemented

Good: Clear diagrams showing gateways at all entry and exit points
Ask: the configuration rules set on the gateways: Request documentation or screenshots showing the specific rules that govern data filtering

Good: Recent, detailed rules aligned with known threats and updated within the last quarter
Ask: a log of security incidents related to data entry: Request a report of past security events that involved the inflow or outflow of data through the gateway

Good: Logs showing timely action taken on incidents, with learnings applied
Ask: evidence of gateway software updates: Request records or confirmation of the latest gateway software versions and their update dates

Good: Regular updates in line with manufacturer recommendations, applied within the last month
Ask: staff training records on reporting network threats: Request documentation or records of training sessions conducted for staff about network threat identification

Good: Completed training logs from the last six months, covering threat identification and response procedures

Cross-framework mappings

How ISM-1192 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

ISO 27001

Control	Notes	Details
Partially meets (1)
Annex A 8.20	ISM-1192 requires gateways to inspect and filter data flows at the transport layer and above to control what traverses network boundaries
Partially overlaps (1)
Annex A 8.12	ISM-1192 requires gateways to inspect and filter data flows at the transport layer and above to prevent unsafe or unauthorised content tr...
Supports (1)
Annex A 5.14	ISM-1192 requires gateways to inspect and filter data flows at the transport layer and above to enforce what is permitted to traverse net...