Skip to content
arrow_back
ISM-1430
search
ISM-1430 policy ASD Information Security Manual (ISM)

Configure IPv6 Addresses with DHCPv6 in Stateful Mode

Use DHCPv6 to manage and log IPv6 addresses centrally for enhanced network organisation.

Proactive NC OS P ASD Information Security ManualGuidelines for networkingconfigurationlogging
record_voice_over

Plain language

This control is about using a system called DHCPv6 to automatically assign IP addresses to devices on your network. Think of it like giving each device a unique phone number that lets it communicate in the digital world. By managing these addresses centrally, it helps keep track of which devices are using which addresses, making your network smoother and more secure. If you don't do this, your network could become disorganised, harder to manage, and vulnerable to attacks.

Framework

ASD Information Security Manual (ISM)

Control effect

Proactive

Classifications

NC, OS, P, S, TS

ISM last updated

Feb 2022

Control Stack last updated

19 Mar 2026

E8 maturity levels

N/A

Guideline

Guidelines for networking

Section

Network design and configuration

Topic

Using Internet Protocol Version 6

Official control statement

Dynamically assigned IPv6 addresses are configured with Dynamic Host Configuration Protocol version 6 in a stateful manner with lease data stored in a centralised event logging facility.
policy ASD Information Security Manual (ISM) ISM-1430
priority_high

Why it matters

Without stateful DHCPv6 with centralised lease logging, IPv6 address assignment becomes inconsistent, reducing traceability and enabling spoofing or unauthorised access.

settings

Operational notes

Validate DHCPv6 is stateful and forwarding/sending lease events to centralised logging; review leases for anomalies and stale entries after network changes.

build

Implementation tips

  • The IT team should configure a stateful DHCPv6 server on the network. This means setting up a central system that automatically manages IP addresses, ensuring each device gets a unique address. This helps prevent address conflicts and makes managing devices much easier.
  • Network administrators should monitor and log IP address assignments. Set up a system that keeps track of which device has which IP address and for how long. This record-keeping is essential for troubleshooting and security investigations.
  • System owners should ensure devices are configured to use DHCPv6. This involves setting up each device's network settings to 'automatic', allowing them to request an IP address from the DHCPv6 server. This step ensures all devices are correctly integrated into the network.
  • IT managers should implement centralised logging of DHCPv6 activity. Use a secure log management tool to gather and store logs from the DHCPv6 server. These logs provide a record of network activity and can be vital for security audits.
  • The security team should regularly review DHCPv6 lease logs. Conduct periodic reviews to understand network usage patterns and ensure that only authorised devices are connecting. This helps in early detection of unauthorised access attempts.
fact_check

Audit / evidence tips

  • Askthe DHCPv6 server configuration documentation: Verify the network settings and ensure stateful configuration is implemented as described in organisation policy

    Good: Up-to-date configuration scripts or screenshots confirming correct setup

  • Askto see DHCPv6 lease records: Request logs that show current and past IP address assignments to ensure logging is active

    Good: Review logs containing timestamped entries for address issuance and release

  • Asknetwork device configuration policies: Verify the policies for device network settings

    GoodPolicy documents outlining DHCPv6 settings with instructions for all device types

  • Askto review a sample DHCPv6 log file: Check that log files are being properly retained and can be traced to specific events

    Good: Log entries detailing device IPs, timestamps, and lease times

  • Asksecurity review meeting records: Verify discussions around reviewing DHCPv6 setup and effectiveness occur

    Good: Minutes from recent meetings showing evidence of review and planned improvements

link

Cross-framework mappings

How ISM-1430 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

ISO 27001

Control Notes Details
layers Partially meets (1) expand_less
Annex A 8.20 ISM-1430 requires organisations to use DHCPv6 in a stateful mode to dynamically assign IPv6 addresses and store lease data in a centralis...
handshake Supports (2) expand_less
Annex A 8.16 ISM-1430 mandates stateful DHCPv6 use and centralized logging of lease data to support network monitoring
Annex A 8.32 ISM-1430's requirement for stateful DHCPv6 and centralized logging ties into Annex A 8.32 by ensuring that such configurations and logs a...

E8

Control Notes Details
handshake Supports (1) expand_less
E8-AC-ML2.8 ISM-1430 requires organizations to store DHCPv6 lease data centrally, helping to align with E8-AC-ML2.8 by providing crucial telemetry fo...

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

Mapping detail

Mapping

Direction

Controls