Decryption of Files for Content Filtering
Files are decrypted at gateways to ensure they're safe before passing through.
Plain language
This control is about making sure that any files coming into or leaving your organisation are safe by decrypting them at your gateways to check their contents. It matters because if you don't check these files, harmful content could enter your systems or sensitive information could leave without your knowledge, leading to data breaches or losses.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Encrypted files imported or exported via gateways or CDSs are decrypted in order to undergo content filtering checks.
Why it matters
Without decrypting files for content filtering, malicious payloads can traverse gateways/CDSs unnoticed, causing data breaches and information leakage.
Operational notes
Configure gateways/CDSs to decrypt inbound and outbound encrypted files before content filtering, and maintain key/certificate handling so inspection remains effective.
Implementation tips
- Managers should ensure policies are in place so that all encrypted files passing through your organisation's gateways are decrypted. This can be done by writing clear procedures for the IT team to follow, stating that decryption is mandatory before any file passes through.
- IT teams should set up the necessary software and hardware at gateways to automatically decrypt files. This involves selecting software that can integrate with existing systems and setting it up to ensure all incoming and outgoing files are decrypted and scanned.
- System administrators should regularly monitor and update decryption tools to ensure they handle the latest types of encryption. They can schedule routine checks to install updates and patches that keep the tools effective against new encryption methods.
- Compliance officers should conduct regular training sessions with staff to ensure they understand why decrypted files are checked. This could involve workshops explaining the risks of unfiltered files and how to spot concerning signs.
- Security officers should create a system for securely storing logs of decrypted files to track when files were decrypted and by whom. They can set up an organised filing process, ensuring only authorised staff have access to these logs.
Audit / evidence tips
- Ask for the decryption policy document: Request the document outlining procedures for decrypting files at gateways
  Good: includes a detailed procedure with responsible personnel identified
- Good: shows logs that are regularly maintained and accurately record all decryption activities
- Ask for a demonstration of the tool used for decryption: Look to see the tool in action, including how it integrates and works in real-time
  Good: demonstration shows that all types of encrypted files are correctly decrypted
- Good: record shows that staff training is frequent and comprehensive, with clear indications of increased awareness
- Ask to see update and maintenance logs for decryption tools
  Good: includes a consistent schedule of maintenance and actions taken to address any detected issues
Cross-framework mappings
How ISM-1293 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Supports (1) | | |
| Annex A 8.12 | ISM-1293 requires encrypted files passing through gateways or CDSs to be decrypted so they can undergo content filtering checks | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.