ISM-1317 ASD Information Security Manual (ISM)

Secure Naming of Non-Public Wireless Networks

Ensure non-public Wi-Fi network names (SSIDs) don't reveal information about the organisation or its location.

🏛️ Framework

ASD Information Security Manual (ISM)

🧭 Control effect

Preventative

🔐 Classifications

NC, OS, P, S, TS

🗓️ ISM last updated

Feb 2022

✏️ Control Stack last updated

19 Mar 2026

🎯 E8 maturity levels

N/A

Official control statement
SSIDs of non-public wireless networks are not readily associated with an organisation, the location of their premises or the functionality of wireless networks.

Source: ASD Information Security Manual (ISM)

Plain language

When setting up Wi-Fi for staff and authorised people only, it's important to use a name that doesn't give away any details about your business or where you're located. This matters because if the wrong people know your network's purpose or location, they might try to break into it, risking your data and privacy.

Why it matters

If non-public SSIDs expose the organisation, site or network purpose, attackers can identify targets and plan focused intrusion or phishing attempts.

Operational notes

Use neutral, non-identifying SSIDs for non-public WLANs; avoid business names, building/floor labels and function names, and review SSIDs after changes.

Implementation tips

  • The IT team should choose a generic name for the Wi-Fi network that doesn’t include the company’s name or location. They can use a name that is simple and not linked to your business, like 'BlueWave43'.
  • The office manager should communicate to staff and authorised users to avoid discussing or sharing the Wi-Fi name in public places. This can be done by sending a company-wide email with instructions on keeping network details private.
  • System administrators should periodically review and change the Wi-Fi SSID as needed. They can schedule biannual reviews to consider if the current naming convention still sufficiently disguises the network origin.
  • Human Resources should include clear information in the employee handbook about why it's important to keep the SSID secret. They can make this part of the new hire orientation session to ensure everyone understands the policy from day one.
  • Procurement should ensure that when new networking equipment is purchased, the default Wi-Fi name (SSID) is changed immediately. They should check with the IT team that the new names follow the non-descriptive naming policy.

Audit / evidence tips

  • Ask: for a list of current Wi-Fi network names.

    Good: the list shows generic, non-identifiable names.

  • Good: a policy document with a section distinctly addressing SSID naming.

  • Ask: a few staff members what they know about the Wi-Fi naming policy. A satisfactory answer is that employees understand the purpose and importance of keeping names non-identifiable.

  • Good: detailed logs demonstrating deliberate non-identifiable naming choices.
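
One way to screen an SSID inventory during the review or audit described above. This is an added example, not part of the ISM or of Control Stack. The organisation term "acme", the location term "canberra", the word lists, the vendor prefixes and the sample SSIDs are all constructed assumptions to replace with your own.

```python
import re

# Assumed word lists for illustration; replace with your organisation's own terms.
FUNCTION_WORDS = {"staff", "corp", "admin", "mgmt", "finance", "hr", "cctv", "voip", "pos", "scada"}
VENDOR_DEFAULTS = ("netgear", "linksys", "tplink", "dlink")
FLOOR_LABEL = re.compile(r"(level|lvl|floor|bldg|building)\d+")
SHORT_FLOOR = re.compile(r"[lf]\d{1,2}")


def tokens(ssid):
    """Split on separators and camelCase boundaries: 'AcmeHR-L3' -> acme, hr, l3."""
    spaced = re.sub(r"(?<=[a-z])(?=[A-Z])", " ", ssid)
    return [t.lower() for t in re.split(r"[^A-Za-z0-9]+", spaced) if t]


def audit_ssid(ssid, org_terms, location_terms):
    """Return the reasons an SSID could be tied to the organisation, site or function."""
    toks = tokens(ssid)
    collapsed = "".join(toks)  # so 'acme_corp' and 'A-C-M-E' still match 'acme'
    findings = []
    for term in org_terms:
        if term.lower() in collapsed:
            findings.append(f"organisation term '{term}'")
    for term in location_terms:
        if term.lower() in collapsed:
            findings.append(f"location term '{term}'")
    if FLOOR_LABEL.search(collapsed) or any(SHORT_FLOOR.fullmatch(t) for t in toks):
        findings.append("building/floor label")
    for word in sorted(FUNCTION_WORDS.intersection(toks)):
        findings.append(f"function word '{word}'")
    if collapsed.startswith(VENDOR_DEFAULTS):
        findings.append("vendor default name")
    return findings


def audit(ssids, org_terms, location_terms):
    """Map each non-compliant SSID to its findings; compliant SSIDs are omitted."""
    report = {s: audit_ssid(s, org_terms, location_terms) for s in ssids}
    return {s: f for s, f in report.items() if f}


# Constructed sample inventory (for example, exported from a wireless controller).
SAMPLE = ["BlueWave43", "AcmeHR-L3", "acme_corp_canberra", "NETGEAR57", "Level 2 Staff"]

if __name__ == "__main__":
    for ssid, why in audit(SAMPLE, ["acme"], ["canberra"]).items():
        print(f"{ssid}: {', '.join(why)}")
```

Short function words are matched as whole tokens so that a neutral name is not flagged merely for containing "hr" or "pos" as a substring; the output can be kept as evidence of each review.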

Cross-framework mappings

How ISM-1317 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

ISO 27001

Control Notes Details
Partially meets (1)
Annex A 8.20 ISM-1317 requires that SSIDs for non-public wireless networks are named so they are not readily associated with the organisation, its loc...
