Guidelines for cryptography
72 controls in this part of the Information Security Manual (ISM). Each control links to plain-English guidance, audit tips and cross-framework mappings.
Cryptographic algorithms
ISM-0471
Use Only High Assurance Cryptographic Algorithms
ISM-0472
Using Proper Modulus Size for Diffie-Hellman Keys
ISM-0474
Using Secure Elliptic Curve Diffie-Hellman Encryption
ISM-0475
Use P-384 Curve for Secure Digital Signatures
ISM-0476
Ensuring Strong RSA Modulus for Digital Security
ISM-0477
Separate RSA Key Pairs for Different Functions
ISM-0479
Avoid Using ECB Mode for Symmetric Encryption
ISM-0994
Use ECDH for Secure Key Exchanges
ISM-1446
Use Approved Elliptic Curves for Encryption
ISM-1629
Select Correct Modulus for Diffie-Hellman Encryption
ISM-1759
Ensure Strong Encryption with Diffie-Hellman
ISM-1761
Use NIST Curves for ECDH Encryption
ISM-1762
Use NIST P-384 Curve for ECDH Keys
ISM-1763
Use NIST P-384 Curve for ECDSA Signatures
ISM-1764
Use NIST P-384 Curve for ECDSA Signatures
ISM-1765
Use RSA with 3072-bit Modulus for Security
ISM-1766
Ensure Secure Hashing with SHA-2 Algorithm
ISM-1767
Use SHA-2 with Minimum 256-bit Output
ISM-1768
Use Appropriate SHA-2 Output Size for Hashing
ISM-1769
Using AES Encryption with Strong Key Lengths
ISM-1770
Utilise Strong AES Encryption Algorithms
ISM-1917
Support Post-Quantum Cryptographic Algorithms by 2030
ISM-1990
Enforcing Separation of Mobile Apps and Data
ISM-1991
Implement ML-DSA for Enhanced Digital Signature Security
ISM-1992
Using Hedged Variant of ML-DSA for Digital Signatures
ISM-1993
Use Pre-Hashed ML-DSA Variants Only When Necessary
ISM-1994
Use Correct Hashing for ML-DSA Pre-hashed Variants
ISM-1995
Use ML-KEM for Secure Key Encapsulation
ISM-1996
Using Hybrid Schemes for Secure Encryption
ISM-2073
Develop a Post-Quantum Cryptography Transition Plan
Cryptographic fundamentals
ISM-0142
Report Cryptographic Equipment Compromises Promptly
ISM-0455
Enable Data Recovery for Encrypted Data
ISM-0457
Use Evaluated Crypto for Sensitive Data Encryption
ISM-0460
Use HACE for Encrypting Sensitive Media
ISM-0462
Managing Encryption Access for IT Equipment and Media
ISM-0465
Use Evaluated Cryptographic Tools for Sensitive Data
ISM-0467
Using HACE for Secure Communication of Data
ISM-0499
Ensure Compliance with ASD Communication Security Policies
ISM-0501
Transport of Keyed Cryptographic Equipment
ISM-0507
Develop and Maintain Cryptographic Key Management Processes
ISM-1091
Change Keying Material When Compromised
ISM-1802
Operate Approved High Assurance Cryptographic Equipment
Cryptographic protocols
Internet Protocol Security
ISM-0494
Use of IPsec Tunnel and Transport Modes
ISM-0496
Use ESP Protocol for Secure IPsec Connections
ISM-0498
Ensure Short Lifetimes for IPsec Associations
ISM-0998
Using Integrity Algorithms for IPsec Connections
ISM-0999
Use DH or ECDH for Secure Key Establishment
ISM-1000
Utilising Perfect Forward Secrecy for IPsec
ISM-1233
Use IKE Version 2 for IPsec Key Exchange
ISM-1771
Use AES Encryption for IPsec Connections
ISM-1772
Use Secure Pseudorandom Functions for IPsec Connections
Secure Shell
ISM-0484
Configure SSH for Secure Server Access
ISM-0485
Use Public Key Authentication for SSH Access
ISM-0487
Disable Certain Features for Passwordless SSH Logins
ISM-0488
Use Forced Commands for SSH Without Passwords
ISM-0489
SSH-Agent Key Expiry and Screen Lock Requirements
ISM-1449
Protect SSH Private Keys with Passwords or Encryption
ISM-1506
Disable SSH Version 1 for Security
Secure/Multipurpose Internet Mail Extension
Transport Layer Security
ISM-1139
Require Latest Version of TLS for Security
ISM-1369
Ensure TLS Connections Use AES-GCM Encryption
ISM-1370
Ensure Only Server-Initiated TLS Renegotiation
ISM-1372
Secure Key Establishment Using DH or ECDH in TLS
ISM-1373
Ensure TLS Connections do not use Anonymous DH
ISM-1374
Use SHA-2 Certificates for Secure TLS Connections
ISM-1375
Use SHA-2 for Secure TLS Connections
ISM-1448
Use Ephemeral DH or ECDH for TLS Key Establishment
ISM-1453
Ensure PFS is Enabled for TLS Connections
ISM-1553
Disable TLS Compression for Security