Ensure Compliance with Emanation Security Doctrine
Organisations must follow guidelines for managing information leaks through electromagnetic emissions.
Plain language
This control is all about preventing leaks of sensitive information through electromagnetic waves, like those that come from electronic devices. If we ignore this, hackers could intercept these signals and access private data, risking the security of our entire organisation.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
OS, P, S, TS
ISM last updated
Nov 2023
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Section
Emanation securityOfficial control statement
Emanation security doctrine produced by ASD for the management of emanation security matters is complied with.
Why it matters
Without emanation security controls, electromagnetic emissions may be exploited to recover sensitive information, enabling espionage and serious data compromise.
Operational notes
Apply ASD emanation security doctrine: assess areas handling classified data, enforce zoning/separation, use ASD-approved countermeasures, and periodically verify emissions meet doctrine requirements.
Implementation tips
- The IT manager should ensure all staff are aware of the potential risk of electromagnetic leaks by organising regular training sessions. In these sessions, explain how electronic devices can unintentionally emit signals and what can be done to minimise these emissions.
- IT staff should conduct regular scans of the organisation's offices to check for any abnormal electromagnetic emissions. Use specialised equipment to detect any unusual signals that might leak sensitive data.
- Facilities managers should check that all new office devices meet recommended standards to prevent electromagnetic leaks. They can achieve this by following guidelines from Australian Signals Directorate (ASD) during purchase and installation processes.
- Management should ensure that sensitive work areas have additional protections. This might include creating designated zones where only pre-approved, low-emission equipment is used and installed, reducing the chance of leaks.
- The security team should routinely update policies on device use and storage, incorporating ASD's emanation security guidelines. Make sure all staff are informed of these policies and understand their role in ensuring compliance.
Audit / evidence tips
-
Askthe training records related to electromagnetic emissions
Goodrecord will show regular, comprehensive training sessions at least annually
-
Askpurchasing records of electronic devices. Check the documentation for compliance with ASD's guidelines on electromagnetic emissions. Proper records will indicate that all devices meet emanation security standards
-
Askpolicy documents relating to device use and storage
Goodwill be current policies circulated within the last 12 months with evidence of staff agreement
Cross-framework mappings
How ISM-1884 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| handshake Supports (2) expand_less | ||
| Annex A 5.4 | ISM-1884 requires the organisation to comply with ASD emanation security (EMSEC) doctrine to prevent information leakage via electromagne... | |
| Annex A 5.36 | ISM-1884 requires compliance with ASD EMSEC doctrine, including verifying that required emanation controls are actually followed in relev... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.