ISM-1322 policy ASD Information Security Manual (ISM)

Assessing 802.1X Components in Wireless Networks

Use evaluated devices and servers for secure wireless network authentication.

Preventative NC OS P ASD Information Security ManualGuidelines for networking authentication

record_voice_over

Plain language

When you connect to wireless internet at home or work, you want to make sure only the right people have access. This control ensures that devices and servers involved in allowing people onto the network are properly checked and secure. If you skip this step, unauthorised people could get in, potentially leading to sensitive information being stolen or the network being disrupted.

01 — Overview

Framework

ASD Information Security Manual (ISM)

Control effect

Preventative

Classifications

NC, OS, P, S, TS

ISM last updated

Aug 2021

Control Stack last updated

19 Mar 2026

E8 maturity levels

N/A

Guideline

Guidelines for networking

Section

Wireless networks

Topic

Evaluation of 802.1x Authentication Implementation

Official control statement

Evaluated supplicants, authenticators, wireless access points and authentication servers are used in wireless networks.

policy ASD Information Security Manual (ISM) ISM-1322

priority_high

Why it matters

Without evaluated 802.1X components, intruders can bypass network access controls, leading to data breaches and service disruptions.

settings

Operational notes

Verify supplicants, APs, authenticators and AAA servers are evaluated/approved, and keep their firmware current.

02 — Implement

build

Implementation tips

The IT team should evaluate wireless devices: Check that all devices, such as laptops and phones, which connect to the wireless network, are from trusted vendors and have the latest security checks in place. They can do this by maintaining an updated list of approved devices and ensuring these are evaluated regularly.
Managers should work with IT to choose authenticator equipment: They should pick equipment like wireless routers that include strong security features and have been reviewed for vulnerabilities. This can be done by consulting with a trusted IT security provider to make informed purchase decisions.
The system owner should ensure authentication servers are secure: Make sure that servers controlling who gets access to the network are protected against threats. This involves regular updates and security patches, which the IT team can schedule and execute.
Procurement teams should purchase evaluated wireless access points: Ensure these devices are from suppliers known for secure equipment, having undergone proper evaluation against industry standards. They can verify this by checking certifications and documentation that accompanies the equipment.
The IT department should conduct regular reviews: They need to check that all network components align with set security standards, including wireless access points. This process includes auditing existing devices and scanning for vulnerabilities and possible weak links.

03 — Audit

fact_check

Audit / evidence tips

Aska list of approved wireless devices: Request a report showing devices allowed to connect to the network

Goodshows all devices have recent evaluations and adhere to security guidelines
Askpurchase records of authenticator equipment: Examine these to see if the equipment was chosen based on security capabilities

Goodincludes documentation from a trusted security advisor who validated the equipment
Askpatch management records for authentication servers: These should detail updates and maintenance schedules

Goodis a well-documented schedule showing regular updates from trusted vendors
Askto see the security certifications of wireless access points: Request documentation showing these access points have passed evaluations

Goodincludes certifications from organisations like the ACSC or compliance with ASD standards
Askthe results of the last network security review: Request a document or report summarising the findings and solutions from recent checks

Goodincludes detailed findings with clear steps that were taken to mitigate risks

04 — Mappings

link

Cross-framework mappings

How ISM-1322 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

ISO 27001

Control	Notes	Details
layers Partially meets (2) expand_less
Annex A 8.5	ISM-1322 requires organisations to use evaluated 802.1X components (supplicants, authenticators, wireless access points and authenticatio...
Annex A 8.20	ISM-1322 requires use of evaluated 802.1X ecosystem components to provide trustworthy authentication for wireless network access

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.