Skip to content
arrow_back
policyASD ISM

Guidelines for cryptography

72 controls in this part of theInformation Security Manual (ISM). Each control links to plain-English guidance, audit tips and cross-framework mappings.

Cryptographic algorithms

ISM-0471
Use Only High Assurance Cryptographic Algorithms
ISM-0472
Using Proper Modulus Size for Diffie-Hellman Keys
ISM-0474
Using Secure Elliptic Curve Diffie-Hellman Encryption
ISM-0475
Use P-384 Curve for Secure Digital Signatures
ISM-0476
Ensuring Strong RSA Modulus for Digital Security
ISM-0477
Separate RSA Key Pairs for Different Functions
ISM-0479
Avoid Using ECB Mode for Symmetric Encryption
ISM-0994
Use ECDH for Secure Key Exchanges
ISM-1446
Use Approved Elliptic Curves for Encryption
ISM-1629
Select Correct Modulus for Diffie-Hellman Encryption
ISM-1759
Ensure Strong Encryption with Diffie-Hellman
ISM-1761
Use NIST Curves for ECDH Encryption
ISM-1762
Use NIST P-384 Curve for ECDH Keys
ISM-1763
Use NIST P-384 Curve for ECDSA Signatures
ISM-1764
Use NIST P-384 Curve for ECDSA Signatures
ISM-1765
Use RSA with 3072-bit Modulus for Security
ISM-1766
Ensure Secure Hashing with SHA-2 Algorithm
ISM-1767
Use SHA-2 with Minimum 256-bit Output
ISM-1768
Use Appropriate SHA-2 Output Size for Hashing
ISM-1769
Using AES Encryption with Strong Key Lengths
ISM-1770
Utilise Strong AES Encryption Algorithms
ISM-1917
Support Post-Quantum Cryptographic Algorithms by 2030
ISM-1990
Enforcing Separation of Mobile Apps and Data
ISM-1991
Implement ML-DSA for Enhanced Digital Signature Security
ISM-1992
Using Hedged Variant of ML-DSA for Digital Signatures
ISM-1993
Use Pre-Hashed ML-DSA Variants Only When Necessary
ISM-1994
Use Correct Hashing for ML-DSA Pre-hashed Variants
ISM-1995
Use ML-KEM for Secure Key Encapsulation
ISM-1996
Using Hybrid Schemes for Secure Encryption
ISM-2073
Develop a Post-Quantum Cryptography Transition Plan

Cryptographic Algorithms

Cryptographic fundamentals

ISM-0142
Report Cryptographic Equipment Compromises Promptly
ISM-0455
Enable Data Recovery for Encrypted Data
ISM-0457
Use Evaluated Crypto for Sensitive Data Encryption
ISM-0460
Use HACE for Encrypting Sensitive Media
ISM-0462
Managing Encryption Access for IT Equipment and Media
ISM-0465
Use Evaluated Cryptographic Tools for Sensitive Data
ISM-0467
Using HACE for Secure Communication of Data
ISM-0499
Ensure Compliance with ASD Communication Security Policies
ISM-0501
Transport of Keyed Cryptographic Equipment
ISM-0507
Develop and Maintain Cryptographic Key Management Processes
ISM-1091
Change Keying Material When Compromised
ISM-1802
Operate Approved High Assurance Cryptographic Equipment

Cryptographic protocols

Cryptographic Protocols

Internet Protocol Security

Secure Shell

Secure/Multipurpose Internet Mail Extension

Transport Layer Security

Back to the full ACSC ISM control list, or browse the complete control library.