Maintaining an Authorised RF and IR Device Register
Keep a regularly updated list of approved RF and IR devices in secure areas.
Plain language
This control is about keeping a list of approved radio frequency (RF) and infrared (IR) devices for areas where sensitive information is handled. It's important because unauthorised devices could potentially listen in or disrupt communications, leading to sensitive information leaking or being compromised.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
S, TS
ISM last updated
Nov 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for physical securitySection
Facilities and systemsOfficial control statement
An authorised RF and IR device register for SECRET and TOP SECRET areas is developed, implemented, maintained and verified on a regular basis.
Why it matters
Without a current authorised RF/IR device register for SECRET/TOP SECRET areas, unauthorised transmitters can remain undetected, enabling covert collection or data exfiltration.
Operational notes
Regularly reconcile the authorised RF/IR register for SECRET/TOP SECRET areas with physical inspections, and investigate any unregistered or mismatched devices immediately.
Implementation tips
- Managers should create a list of RF and IR devices that are approved for use in secure areas. Start by identifying the types of devices needed for daily operations and then get them formally approved by a security officer.
- IT teams should set up a system to regularly update the device register. This involves checking if new devices have been introduced and removing any devices that are no longer in use. Schedule reminders to review the register monthly.
- Security officers need to verify the device register regularly. They should cross-check current devices in secure areas against the register and remove or approve any discrepancies found.
- HR should train staff on the importance of the authorised device register. Explain why bringing unauthorised devices can be risky and provide guidance on using devices safely and securely.
- The facility manager should ensure physical checks are conducted in secure areas. This involves having staff periodically inspect areas for any unauthorised devices and reporting any issues to the IT department.
Audit / evidence tips
-
Askthe latest authorised device register. Check that it includes a list of all RF and IR devices approved for secure areas
-
Askto see training materials provided to staff about device policies
Cross-framework mappings
How ISM-1543 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 5.9 | ISM-1543 requires an authorised RF and IR device register for SECRET and TOP SECRET areas to be developed, maintained, and regularly veri... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.