Evaluate Peripheral Switches for Security Domains
Ensure devices used to share equipment between classified systems meet high security standards.
Plain language
This control is about ensuring that when you're using devices (like switches) to share equipment (like keyboards and monitors) between high-security computers, those devices are very secure themselves. If they're not secure, they could let sensitive information from one system accidentally mix with information from another, potentially leading to data leaks or security breaches.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Evaluated peripheral switches used for sharing peripherals between SECRET and TOP SECRET systems, or between SECRET or TOP SECRET systems belonging to different security domains, preferably complete a high assurance evaluation.
Why it matters
If peripheral switches aren’t high-assurance evaluated, SECRET/TOP SECRET data may leak between security domains, compromising classified operations.
Operational notes
Regularly verify high assurance evaluations for new or updated switches, ensuring they meet cross-domain security requirements.
Implementation tips
- IT Team should carefully choose switches: Make sure that any switch used to share peripherals between SECRET and TOP SECRET systems is from a reputable vendor known for high-security standards. Research vendors that specialise in producing secure hardware and verify their certifications.
- Procurement should verify assurance levels: When purchasing equipment, check that the switches have been evaluated to at least the high assurance level as required for sensitive systems. Request assurance certificates from suppliers to confirm compliance.
- System owners should document configurations: Record exactly how the switches are set up, which systems they connect, and their security features. This includes ensuring no unexpected pathways exist between systems that might allow information leakage.
- Train staff on secure usage: Managers should organise training sessions for staff who use these systems regularly. Ensure they understand correct use procedures and the importance of maintaining the privacy and security of connected systems.
- Conduct regular checks on switches: IT Support should regularly inspect these peripheral switches to ensure they remain in good condition and haven't been tampered with. Include physical inspections and security setting reviews as part of routine maintenance.
Audit / evidence tips
- Ask for a list of all peripheral switches in use: Request documentation listing each switch, its model, vendor, and assurance certification.
  Good: Documentation is complete with certificates for each switch and matches vendor claims.
- Ask to see configuration records: Request records detailing how the peripheral switches are set up and connected.
  Good: Records are thorough, up-to-date, and accurately reflect current configurations.
- Ask about training sessions for staff: Request evidence of training materials and sign-in sheets for training sessions.
  Good: Regularly scheduled training with full attendance and detailed materials covered.
- Ask for recent inspection reports: Request documents from regular checks on switches for physical integrity and configuration accuracy.
  Good: Reports are carried out consistently, include all switches, and note any issues found and resolved.
- Ask for a policy on secure use: Request the internal policy on how these switches should be securely used and maintained.
  Good: A clear, detailed policy is in place, readily accessible, and followed by staff.
Cross-framework mappings
How ISM-1457 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Supports (1) | | |
| Annex A 8.27 | ISM-1457 requires peripheral switches used to share peripherals between SECRET and TOP SECRET systems (or different security domains) to ... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.