Guidelines for gateways
63 controls in this part of the ACSC ISM. Each control links to plain-English guidance, audit tips and cross-framework mappings.
Content filtering
ISM-0649
Filter Gateway Files for Allowed Types
ISM-0651
Block Malicious or Uninspectable Files
ISM-0652
Quarantine Suspicious Files for Review
ISM-0659
Filtering Content of Gateway and CDS Files
ISM-0677
Ensure File Integrity Through Signature Validation
ISM-1284
Ensure Content Validation for Gateway Files
ISM-1286
Ensure Content Conversion at Gateways
ISM-1287
Ensure Gateway and CDS File Content Sanitisation
ISM-1288
Antivirus Scanning of Gateway Files
ISM-1290
Controlled Unpacking of Archive Files for Filtering
ISM-1389
Analyse Executable Files in Sandboxes
ISM-1524
Ensure Rigorous Testing of Content Filters
ISM-1965
Content Checking for Imported or Exported Files
Content Filtering
Cross Domain Solutions
ISM-0597
Consult ASD Before Changing CDS Connectivity
ISM-0610
Train Users on Secure Use of CDSs
ISM-0626
Implementing CDS for Secure Network Segmentation
ISM-0635
Ensure Network Paths are Isolated in CDSs
ISM-0670
Central Logging of CDS Security Events
ISM-1521
Use Protocol Breaks to Separate Network Layers
ISM-1522
Ensure CDSs Separate Upward and Downward Data Paths
ISM-1523
Regular Assessment of Security Events in CDS
Diodes
Firewalls
Gateways
ISM-0100
Regular IRAP Assessment of Sensitive Gateways
ISM-0611
Restrict Privileges for Gateway Administrators
ISM-0612
Training for Gateway System Administrators
ISM-0613
Requirement for Gateway System Administrators Nationality
ISM-0616
Ensure Separation of Duties for Gateway Admins
ISM-0619
User Authentication for Network Gateway Access
ISM-0622
Ensuring Network Authentication via Gateways
ISM-0628
Implementing Secure Network Gateways
ISM-0629
Manage Gateways Between Different Security Domains
ISM-0631
Restrict Data Flows with Authorised Gateways
ISM-0634
Central Logging for Gateway Security Events
ISM-0637
Implementing Demilitarised Zones in Gateways
ISM-1037
Regular Testing of Gateway Security Configurations
ISM-1192
Inspecting and Filtering Data with Gateways
ISM-1427
Prevent IP Source Address Spoofing in Gateways
ISM-1520
Employment Screening for Gateway Administrators
ISM-1773
Eligibility Criteria for Gateway System Administrators
ISM-1774
Secure Management Paths for Network Gateways
ISM-1783
Secure BGP with Valid ROA for IP Addresses
ISM-2018
Secure BGP Routing with RPKI-Registered IP Addresses
ISM-2019
Routine Security Assessments for TOP SECRET Gateways
Peripheral switches
Web application firewalls
Web content filters
ISM-0263
Inspect and Decrypt TLS Traffic through Gateways
ISM-0958
Implement Domain Name Allow and Block Lists
ISM-0961
Restrict Active Content with Web Filters
ISM-0963
Implementing Web Content Filters for Safety
ISM-1171
Block Direct IP Access to Websites
ISM-1236
Blocking Malicious and Anonymous Domain Names
ISM-1237
Implement Web Content Filters for Outbound Traffic
Web proxies