ISM-1287 ASD Information Security Manual (ISM)

Ensure Gateway and CDS File Content Sanitisation

Files passing through gateways or CDSs are cleaned to remove harmful content.

Plain language

This control is about making sure any file passing through your computer systems' entry and exit points is cleaned. This matters because harmful content like viruses or sensitive information leaks could get through if files aren't properly checked, potentially causing financial loss or damaging your business's reputation.

Framework

ASD Information Security Manual (ISM)

Control effect

Preventative

Classifications

NC, OS, P, S, TS

ISM last updated

Feb 2022

Control Stack last updated

19 Mar 2026

E8 maturity levels

N/A

Official control statement

Files imported or exported via gateways or CDSs undergo content sanitisation.

Why it matters

Failure to sanitise files at gateways or CDSs may allow malware infiltration, exposing the organisation to potential data breaches and reputational damage.

Operational notes

Regularly update sanitisation tools and monitor logs for anomalies. Validate gateway/CDS file-type rules, and quarantine suspect files for analysis before allowing import or export.

Implementation tips

  • System owners should work with IT staff to identify all gateways and Cross Domain Solutions (CDSs) where files enter or exit the organisation. This can be done by reviewing network diagrams and data flow maps to ensure all potential entry and exit points are covered.
  • IT teams need to choose appropriate content sanitisation tools to clean files. They can look up recommendations from the Australian Cyber Security Centre (ACSC) or consult with experts to select tools that specifically remove viruses and strip harmful elements from files.
  • Managers should set policies specifying that all files go through these selected tools before being used or sent out. This means establishing clear guidelines that staff must follow to submit files for sanitisation during regular workplace activities.
  • IT staff are tasked with configuring the tools to automatically process files as they pass through gateways. This involves setting up the tools to work continuously in the background without needing constant supervision, ensuring no file goes unchecked.
  • Office managers should conduct regular training sessions to remind all employees about the importance of this process. Using real-world examples of what could happen if harmful files get through can reinforce why they need to follow the process.

Audit / evidence tips

  • Ask: The list of gateways and CDSs identified by the organisation. Check that each entry and exit point for files is covered and noted. Good: Includes a comprehensive list that matches your network setup and data flow maps.
  • Good: Provides documentation showing the tools chosen based on ACSC guidelines or expert consultation.
  • Ask: The policy documents regarding file sanitisation. Review them to ensure there's a clear process for file checking before any use or distribution. Good: Includes a policy that all staff understand and follow.
  • Good: Shows logs proving the tools are set up and operational around the clock.
  • Ask: Training records for staff awareness sessions. Good: Includes regular sessions and materials that cover risks and processes.

Cross-framework mappings

How ISM-1287 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Control Notes Details
Supports (1)
Annex A 8.7 ISM-1287 requires that files imported or exported via gateways or cross domain solutions (CDSs) undergo content sanitisation to remove ha...

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
