ISM-1417 policy ASD Information Security Manual (ISM)

Comprehensive Antivirus Protection on Systems

Ensure antivirus programs fully protect and scan computers daily to prevent infections.

Preventative NC OS P ASD Information Security ManualGuidelines for system hardening malware ransomware endpoints

record_voice_over

Plain language

This control ensures that your computers have antivirus software that is up-to-date and actively scanning for threats. It is crucial because without proper antivirus protection, your systems are vulnerable to malware, viruses, and ransomware that can steal data or disrupt operations.

01 - Overview

Framework

ASD Information Security Manual (ISM)

Control effect

Preventative

Classifications

NC, OS, P, S, TS

ISM last updated

May 2025

Control Stack last updated

19 May 2026

E8 maturity levels

N/A

Guideline

Guidelines for system hardening

Section

Operating system hardening

Topic

Antivirus Application

Official control statement

An antivirus application is implemented on workstations and servers with: - signature-based detection functionality enabled and set to a high level - heuristic-based detection functionality enabled and set to a high level - reputation rating functionality enabled - ransomware protection functionality enabled - detection signatures configured to update on at least a daily basis - regular scanning configured for all fixed disks and removable media.

policy ASD Information Security Manual (ISM) ISM-1417

priority_high

Why it matters

Without antivirus with signatures, heuristics, reputation and ransomware controls, malware can compromise servers/workstations, causing outages and data loss.

settings

Operational notes

Keep signature, heuristic and reputation checks set high; enable ransomware protection; verify daily signature updates; schedule scans for fixed disks and removable media.

02 - Implement

build

Implementation tips

The IT team should ensure that antivirus software is installed on all computers and servers. They can do this by creating an inventory list of all devices and checking that antivirus software is installed and working on each one.
System owners should verify that antivirus software is configured to update its detection signatures daily. This can be achieved by accessing the antivirus settings and ensuring the automatic update feature is enabled.
The IT support staff should set up the antivirus software to perform daily scans of all fixed and removable drives. This can be done by scheduling automatic scans through the antivirus software's scheduling feature.
IT managers should enable advanced features such as ransomware protection and heuristic detection. This involves reviewing the antivirus settings and turning on options for extra layers of protection if they are not already active.
Procurement should ensure that any new software or device purchases include a requirement for compatibility with the existing antivirus solution. They can include this requirement in contracts and verify the feature during vendor demonstrations.

03 - Audit

fact_check

Audit / evidence tips

AskThe antivirus installation records: Request a list of all computers and servers with currently installed antivirus software GoodIncludes all company devices with verified installations
AskThe configuration settings: Request a screenshot or report showing that daily signature updates are enabled GoodShows automatic daily updates are turned on
AskScan schedules: Request a printout or digital record of the antivirus scan schedule. Look to see if scans are set for all drives and media daily GoodSchedule shows scans happen every day without needing manual input
AskSecurity feature settings: Request evidence that advanced features like heuristic and ransomware detection are enabled GoodClearly indicates these features are switched on
AskProcurement checklists: Request documents showing that compatibility with antivirus solutions is checked for new purchases. Look to see that antivirus criteria are part of purchasing requirements GoodChecklist includes compatibility as a standard feature for new technology

04 - Mappings

link

Cross-framework mappings

How ISM-1417 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Control	Notes	Details
link Related (1) expand_less
Annex A 8.7	ISM-1417 mandates detailed antivirus implementation requirements (signature and heuristic detection set high, reputation ratings, ransomw...

E8

Control	Notes	Details
handshake Supports (1) expand_less
E8-RM-ML1.3	ISM-1417 requires comprehensive antivirus on workstations and servers, including high-level detection settings, daily signature updates, ...

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.