ISM-1781 ASD Information Security Manual (ISM)

Ensure All Network Data is Encrypted

Make sure all data sent over any network is protected by encryption.

🏛️ Framework

ASD Information Security Manual (ISM)

🧭 Control effect

Preventative

🔐 Classifications

NC, OS, P, S, TS

🗓️ ISM last updated

May 2022

✏️ Control Stack last updated

22 Feb 2026

🎯 E8 maturity levels

N/A

Official control statement
All data communicated over network infrastructure is encrypted.

Source: ASD Information Security Manual (ISM)

Plain language

Think of network encryption like a lock on your front door. When data is sent over the internet or through your office network, encryption makes sure that only the right people can understand it. Without encryption, anyone could take a peek at your sensitive information, leading to privacy breaches and potentially financial losses.

Why it matters

If network traffic is unencrypted, attackers can intercept credentials and sensitive data in transit, leading to breaches and loss of trust.

Operational notes

Regularly validate TLS/VPN configurations and cipher suites, and ensure all endpoints use ISM-approved encryption for data in transit.

Implementation tips

  • The IT team should assess all current network connections and identify any that aren't using encryption. They can do this by reviewing data flow diagrams and checking configurations on network devices like routers and switches.
  • Managers should work with IT to ensure all staff understand the importance of encrypting data. They can organise training sessions where IT explains how encryption protects sensitive information and what actions staff should take when sending emails or using online services.
  • Procurement should require encryption capabilities when purchasing new software or network services. They should ask vendors to demonstrate how their products encrypt data during transmission before making a purchase decision.
  • System owners must ensure that all internal communication tools, like chat and file-sharing platforms, use encryption. They can work with IT to enable and configure encryption settings, and double-check this protection is active.
  • HR should make sure that all relevant policies, including data handling and usage protocols, explicitly mandate the use of encryption for transmitting sensitive information. These policies should be part of employee onboarding and regularly reviewed in staff meetings.

Audit / evidence tips

  • Ask: Configuration logs from network devices. Request logs that show encryption settings are enabled.

    Good: A recent log showing all data pathways protected by encryption.

  • Good: Regular sessions attended by all relevant staff, including notes or feedback from sessions.

  • Good: Vendor documentation detailing encryption features and their evaluation against organisational needs.

  • Ask: Documentation of internal communication platforms. Ensure there is evidence of encryption settings being configured and regularly reviewed.

    Good: Current settings documentation showing encryption is active, and any audit logs that verify usage.

  • Good: A well-circulated policy document that explicitly mentions encryption and has been acknowledged by all staff.

Cross-framework mappings

How ISM-1781 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

ISO 27001

Partially meets (1)

  • Control: Annex A 8.20
    Notes: ISM-1781 requires all data communicated over network infrastructure to be encrypted to protect confidentiality and reduce interception risk
