ISM-1284 ASD Information Security Manual (ISM)

Ensure Content Validation for Gateway Files

Check files coming in and out of gateways to ensure they meet security standards.

🏛️ Framework

ASD Information Security Manual (ISM)

🧭 Control effect

Preventative

🔐 Classifications

NC, OS, P, S, TS

🗓️ ISM last updated

Feb 2022

✏️ Control Stack last updated

22 Feb 2026

🎯 E8 maturity levels

N/A

Official control statement
Files imported or exported via gateways or CDSs undergo content validation.

Source: ASD Information Security Manual (ISM)

Plain language

This control is about making sure that any files moving in or out through your organisation's computer gateways (like email or file transfer systems) are checked to meet security standards. This is crucial because if harmful files get in, they could cause serious problems, like data breaches, operational failures, or financial loss.

Why it matters

Without content validation at gateways/CDSs, malicious or unauthorised files can enter or leave, causing data breaches, system compromise and financial loss.

Operational notes

Maintain gateway/CDS content validation by updating signatures/rules, testing import/export samples, and reviewing validation logs to tune allow/deny policies and catch bypasses.

Implementation tips

  • IT team should set up file scanning software: Ensure this software is installed on all gateways such as email servers or FTP sites. The software should be configured to automatically scan every file entering or leaving the network.
  • Look at: anomalies or any large, unexpected file movements that could suggest security issues

  • Compliance officer should define security standards: Draft a clear policy on what types of files are considered safe. Communicate these standards to all employees and make sure the file scanning tools are updated to reflect these rules.
  • Security team should conduct regular training: Educate staff on the importance of not sending or opening suspicious files. Provide simple guidelines on what to look for and who to contact if they suspect a file is unsafe.
  • IT manager should respond to policy breaches: Set up alerts for when unsafe files are detected. Develop a response plan that includes notifying the relevant staff and rectifying any vulnerabilities immediately.
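
The allowlist check and decision logging described in the tips above, as an added example that is not from the ISM or Control Stack. The policy table, size limits, function names and sample files are assumptions, and the check is narrowed to extension, size and leading magic bytes; a production validator would also parse the full file structure.

```python
import json

# Assumed policy for illustration: allowed extension -> (leading magic bytes, max size in bytes).
POLICY = {
    ".pdf": (b"%PDF-", 20 * 1024 * 1024),
    ".png": (b"\x89PNG\r\n\x1a\n", 5 * 1024 * 1024),
    ".zip": (b"PK\x03\x04", 50 * 1024 * 1024),
}

def validate(filename, data, direction):
    """Return an allow/deny decision record for one file crossing the gateway."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    record = {"file": filename, "direction": direction, "size": len(data)}
    if ext not in POLICY:
        return {**record, "decision": "deny", "reason": "type not on allowlist"}
    magic, max_size = POLICY[ext]
    if len(data) > max_size:
        return {**record, "decision": "deny", "reason": "exceeds size limit"}
    if not data.startswith(magic):
        # The name claims one format but the content is another: deny rather than trust the name.
        return {**record, "decision": "deny", "reason": "content does not match declared type"}
    return {**record, "decision": "allow", "reason": "matches policy"}

def review(records):
    """Count decisions per (direction, decision, reason) for log review and policy tuning."""
    summary = {}
    for r in records:
        key = (r["direction"], r["decision"], r["reason"])
        summary[key] = summary.get(key, 0) + 1
    return summary

# Constructed sample files (not real traffic).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n...", "import"),
    ("invoice.pdf", b"MZ\x90\x00\x03", "import"),  # executable header behind a .pdf name
    ("tool.exe", b"MZ\x90\x00\x03", "import"),
    ("diagram.png", b"\x89PNG\r\n\x1a\n\x00\x00", "export"),
]

if __name__ == "__main__":
    records = [validate(*s) for s in SAMPLES]
    for r in records:
        print(json.dumps(r))  # one decision record per file, suitable for a validation log
    for key, count in sorted(review(records).items()):
        print(count, *key)
```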

Audit / evidence tips

  • Ask for: the file scanning software logs: Request records showing scans from the past three months

    Good: shows consistent scanning with zero missed threats

  • Ask for: the file transfer policy document: Request the written policy outlining the acceptable file types and sizes for transfer

    Good: shows clear, up-to-date guidelines

  • Ask for: training session records: Request evidence of security training sessions provided to the staff

    Good: regular, comprehensive training with broad employee participation

  • Ask for: alert notifications: Request records of alerts triggered by unsafe files

    Good: includes a timely response log and effective remedial action outlined for each incident

  • Ask for: a list of authorised personnel: Request a list of who is allowed to manage and override file scanning protocols

    Good: limited to only necessary personnel, with logs showing minimal and justified overrides

Cross-framework mappings

How ISM-1284 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

ISO 27001

Partially meets (1)

  • Annex A 5.14: ISM-1284 requires that files imported or exported via gateways or Cross Domain Solutions (CDSs) undergo content validation to prevent uns...

Supports (2)

  • Annex A 8.20: ISM-1284 requires that organisations validate the content of files entering or leaving via gateways/CDSs to reduce the risk of malicious ...
  • Annex A 8.21: ISM-1284 requires content validation of files traversing gateways/CDSs to control what is permitted to pass between network domains
