Skip to content
Control Stack logo Control Stack
ISM-1556 ASD Information Security Manual (ISM)

Security Measures After Overseas Travel with Mobile Devices

Reset credentials and watch for suspicious account activity after travel to high-risk areas.

Preventative Non-classified OFFICIAL: Sensitive PROTECTED SECRET TOP SECRET ASD Information Security ManualGuidelines for enterprise mobilitycredentialsmonitoring

🏛️ Framework

ASD Information Security Manual (ISM)

🧭 Control effect

Preventative

🔐 Classifications

NC, OS, P, S, TS

🗓️ ISM last updated

Nov 2024

✏️ Control Stack last updated

19 Mar 2026

🎯 E8 maturity levels

N/A

Guideline

Guidelines for enterprise mobility

Section

Mobile device usage

Topic

After Travelling Overseas With Mobile Devices
Official control statement
If returning from travelling overseas with mobile devices to high or extreme risk countries, personnel take the following additional actions: - reset credentials used with mobile devices, including those used for remote access to their organisation's systems - monitor user accounts for any indicators of compromise, such as failed logon attempts.

Source: ASD Information Security Manual (ISM)

Plain language

When you travel overseas, especially to countries where cybersecurity risks are high, you might unknowingly expose your devices and accounts to threats. Upon returning, it's important to change your passwords and keep an eye on your accounts for any unusual activity. This helps prevent hackers from using your information to access your organisation's systems or personal data, protecting both your business and personal life from potential harm.

Why it matters

If credentials aren’t reset after travel to high/extreme-risk countries, attackers may reuse them for remote access and compromise accounts.

Operational notes

After returning from high/extreme-risk travel, reset all mobile/remote-access credentials and monitor accounts for failed logons or other compromise signs.

Implementation tips

  • IT team should organise a post-travel security session for returning employees. Schedule a quick briefing to explain the importance of resetting passwords and monitoring accounts for suspicious activity. Provide a step-by-step guide on how to reset passwords securely and what signs of account compromise look like.
  • Managers should ensure employees have access to resources for secure password management. Offer tools or password manager software that help personnel reset and store their passwords safely. Provide training on creating strong, unique passwords that are not easily guessed.
  • HR should update travel policies to include post-travel cybersecurity steps. Add a checklist to travel documents outlining that employees should reset their passwords and monitor account logins upon return, emphasising how this protects not just one person but the entire organisation.
  • Security officers should facilitate automated alerts for account monitoring. Work with the IT team to set up alerts that notify both employees and security personnel of unusual login attempts on organisational accounts. Use simple email or SMS alerts so that non-technical staff can easily understand and act on them.
  • The IT team should review and update remote access systems regularly. Evaluate the existing security measures in place for accessing organisational systems remotely. Ensure that all employees are aware of and can access the most secure, up-to-date practices for logging in, especially after returning from high-risk countries.

Audit / evidence tips

  • Ask: a list of recent overseas travellers within the organisation

    Good: would be a record showing that all returning travellers have updated their passwords and followed the necessary security procedures

  • Good: includes detailed reports of notification alerts and documented responses that show issues were addressed promptly

  • Ask: to see written post-travel security briefings. Check these briefings for clear instructions on password resets and account monitoring

    Good: should have easily understandable instructions with any necessary contact information for support if issues arise

  • Good: includes documentation of the tools being offered to all applicable personnel and indicates active use of these tools

  • Ask: records of IT system updates related to remote access since the last overseas travel period. Check whether updates have been applied and whether staff have been notified of the changes

    Good: includes a changelog of updates and confirmation emails sent to staff indicating these updates

Cross-framework mappings

How ISM-1556 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

ISO 27001

Control Notes Details
Supports (3)
Annex A 5.24 ISM-1556 mandates credential resets and monitoring after high-risk travel
Annex A 6.8 ISM-1556 involves monitoring for compromise indicators and credential resets after high-risk travel
Annex A 8.16 ISM-1556 requires personnel returning from high-risk overseas travel with mobile devices to reset credentials and monitor user accounts f...

E8

Control Notes Details
Supports (1)
E8-AH-ML2.15 ISM-1556 requires post-travel monitoring for compromise indicators

Mapping detail

Mapping

Direction

Controls