Ensure Content Validation for Gateway Files
Check files coming in and out of gateways to ensure they meet security standards.
Plain language
This control is about making sure that any files moving in or out through your organisation's computer gateways (like email or file transfer systems) are checked to meet security standards. This is crucial because if harmful files get in, they could cause serious problems, like data breaches, operational failures, or financial loss.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Files imported or exported via gateways or CDSs undergo content validation.
Why it matters
Without content validation at gateways/CDSs, malicious or unauthorised files can enter or leave, causing data breaches, system compromise and financial loss.
Operational notes
Maintain gateway/CDS content validation by updating signatures/rules, testing import/export samples, and reviewing validation logs to tune allow/deny policies and catch bypasses.
Implementation tips
- IT team should set up file scanning software: Ensure this software is installed on all gateways, such as email servers or FTP sites, and configured to automatically scan every file entering or leaving the network.
- Look at anomalies or any large, unexpected file movements that could suggest security issues.
- Compliance officer should define security standards: Draft a clear policy on what types of files are considered safe. Communicate these standards to all employees and make sure the file scanning tools are updated to reflect these rules.
- Security team should conduct regular training: Educate staff on the importance of not sending or opening suspicious files. Provide simple guidelines on what to look for and who to contact if they suspect a file is unsafe.
- IT manager should enforce the policy and respond to breaches: Set up alerts for when unsafe files are detected. Develop a response plan that includes notifying the relevant staff and rectifying any vulnerabilities immediately.
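As an added example (not code from Control Stack or the ISM), here is a minimal content-validation check of the kind the tips above describe, in Python: the verdict is based on what the file's bytes actually are rather than on its name, an allow list of types with size limits is enforced, executable content is denied whatever it is called, and each decision is written as a log line of the sort reviewers tune allow/deny policy from. The policy values, size caps and magic signatures are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

# Constructed policy (assumed values, not from the ISM text): allowed extensions,
# the leading bytes each type must start with, and a size cap per type.
POLICY = {
    "pdf":  {"magic": [b"%PDF-"], "max_bytes": 20 * 1024 * 1024},
    "png":  {"magic": [b"\x89PNG\r\n\x1a\n"], "max_bytes": 5 * 1024 * 1024},
    "docx": {"magic": [b"PK\x03\x04"], "max_bytes": 10 * 1024 * 1024},
}
# Content that is never allowed through, regardless of the declared name.
DENY_MAGIC = {b"MZ": "pe-executable", b"\x7fELF": "elf-executable"}


@dataclass
class Verdict:
    allowed: bool
    reason: str
    sha256: str


def validate_file(name: str, data: bytes) -> Verdict:
    """Content validation for one file crossing the gateway."""
    digest = hashlib.sha256(data).hexdigest()
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    # Deny list first: a renamed executable must not pass on the strength of its name.
    for magic, label in DENY_MAGIC.items():
        if data.startswith(magic):
            return Verdict(False, f"denied: {label} content", digest)
    rule = POLICY.get(ext)
    if rule is None:
        return Verdict(False, f"denied: type '{ext or 'none'}' not in allow list", digest)
    if len(data) > rule["max_bytes"]:
        return Verdict(False, f"denied: {len(data)} bytes exceeds limit for {ext}", digest)
    # Declared type must agree with the actual content.
    if not any(data.startswith(m) for m in rule["magic"]):
        return Verdict(False, f"denied: content does not match declared type {ext}", digest)
    return Verdict(True, "allowed", digest)


def log_line(direction: str, name: str, v: Verdict) -> str:
    """One validation log entry; 'direction' is 'import' or 'export' through the gateway."""
    return (f"{direction} name={name} sha256={v.sha256[:16]} "
            f"allowed={v.allowed} reason={v.reason!r}")


if __name__ == "__main__":
    # Constructed sample files: a real PDF header and an executable renamed as a PDF.
    for fname, blob in [("report.pdf", b"%PDF-1.7 sample"), ("invoice.pdf", b"MZ\x90\x00")]:
        print(log_line("import", fname, validate_file(fname, blob)))
```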
Audit / evidence tips
- Ask for the file scanning software logs: Request records showing scans from the past three months. Good: shows consistent scanning with zero missed threats.
- Ask for the file transfer policy document: Request the written policy outlining the acceptable file types and sizes for transfer. Good: shows clear, up-to-date guidelines.
- Ask for training session records: Request evidence of security training sessions provided to the staff. Good: regular, comprehensive training with broad employee participation.
- Ask for alert notifications: Request records of alerts triggered by unsafe files. Good: includes a timely response log and effective remedial action outlined for each incident.
- Ask for a list of authorised personnel: Request a list of who is allowed to manage and override file scanning protocols. Good: limited to only necessary personnel, with logs showing minimal and justified overrides.
Cross-framework mappings
How ISM-1284 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Relationship | Notes |
|---|---|---|
| Annex A 5.14 | Partially meets | ISM-1284 requires that files imported or exported via gateways or Cross Domain Solutions (CDSs) undergo content validation to prevent uns... |
| Annex A 8.20 | Supports | ISM-1284 requires that organisations validate the content of files entering or leaving via gateways/CDSs to reduce the risk of malicious ... |
| Annex A 8.21 | Supports | ISM-1284 requires content validation of files traversing gateways/CDSs to control what is permitted to pass between network domains |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.