Guidelines for email
26 controls in this part of the ASD ISM. Each control links to plain-English guidance, audit tips and cross-framework mappings.
Email gateways and servers
ISM-0567
Restrict Email Relay to Specific Domains
ISM-0569
Centralise Email Routing via Gateways
ISM-0570
Maintain Backup Email Gateways to Primary Standards
ISM-0571
Ensure Secure Email Transmission via Gateways
ISM-0572
Enable Opportunistic TLS for Email Server Encryption
ISM-0574
Use SPF to Authorise Email Servers
ISM-0861
Enable DKIM Signing for Organisational Emails
ISM-1024
Verify Senders for Email Failure Notifications
ISM-1026
Verification of DKIM Signatures on Incoming Emails
ISM-1027
Configure Email Distribution Lists to Preserve DKIM Signatures
ISM-1151
Verify Email Authenticity Using SPF
ISM-1183
Implement Hard Fail SPF Records for Email Security
ISM-1234
Protect Email Systems with Content Filtering
ISM-1502
Ensure Multi-factor Authentication for Online Services
ISM-1540
Configuring DMARC for Email Security
ISM-1589
Enable MTA-STS for Secure Email Transport
ISM-1799
Enforce Email Rejection for Failed DMARC Checks
Email usage
ISM-0264
Develop and Maintain an Email Usage Policy
ISM-0267
Blocking Access to Unapproved Webmail Services
ISM-0269
Restrict Sensitive Emails to Verified Recipients
ISM-0270
Apply Protective Markings to Emails Based on Sensitivity
ISM-0271
Prevent Automatic Email Marking by Protective Tools
ISM-0272
Prevent Unauthorised Protective Marking Selection
ISM-0565
Email Security for Protective Markings
ISM-1023
Notify Parties of Blocked Emails
ISM-1089
Prevent Lower Email Protective Marking Selection