Content Checking for Imported or Exported Files
Files passing through gateways or data systems are checked to ensure they meet security requirements.
Plain language
When files come into or go out from an organisation, it's important to check them to ensure they don't contain harmful content or expose sensitive information. This process prevents problems like data breaches or malware infections, which could lead to costly disruptions or damage to a business's reputation.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2024
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Files imported or exported via gateways or CDSs undergo content checking.
Why it matters
If gateway/CDS content checking is absent, malware can traverse import/export paths and sensitive data may be exfiltrated, causing outages and reportable breaches.
Operational notes
Keep gateway/CDS content checking signatures and file-type rules current. Review allow/deny logs and quarantine events to spot repeated detections, tuning rules to reduce false positives.
Implementation tips
- The IT team should establish a content filtering system to automatically scan all files imported or exported through data gateways. They can set up software tools that scan files for viruses, inappropriate content, or confidential information before allowing them to pass through.
- Managers should train staff on the importance of checking files they upload or download, explaining how harmful content can slip through and what they can do to prevent it. Regular workshops can be held to demonstrate using the content checking tools effectively.
- System administrators should configure the file gateways to quarantine files that don't meet set security standards. This involves setting up rules that identify potential threats and automatically isolating those files for further review.
- Procurement teams should ensure that content checking software and systems are up-to-date and comply with the latest Australian Cyber Security Centre (ACSC) guidelines. When acquiring new systems, they should review ACSC recommendations and ensure vendors provide compliant solutions.
- Senior management should regularly review content checking reports to understand the effectiveness of the system. They can schedule monthly reviews with the IT team to discuss trends and any incidents of content-blocking, adjusting policies as needed.
Audit / evidence tips
-
Askthe documented policy on content checking for file transfers
-
Goodlog will show a history of scans, details of any blocks or quarantines, and follow-up actions taken
-
Asktraining records related to file content checking
-
Askquarantine folder access reports
Goods will show regular reviews and resolution of quarantined files in a timely manner
-
Goodwould be an up-to-date certificate showing compliance with relevant security standards
Cross-framework mappings
How ISM-1965 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| handshake Supports (1) expand_less | ||
| Annex A 8.12 | ISM-1965 requires content checking for files imported or exported through gateways or CDSs to confirm they comply with security requirements | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.