Guidelines for networking
71 controls in this part of the Information Security Manual (ISM). Each control links to plain-English guidance, audit tips and cross-framework mappings.
Network design and configuration
ISM-0516
Comprehensive Network Diagrams for Critical Components
ISM-0518
Maintain Comprehensive Network Documentation
ISM-0520
Prevent Unauthorised Network Device Connections
ISM-0521
Disable Unused IPv6 on Dual-Stack Devices
ISM-0529
Avoid Using VLANs for Different Security Domains
ISM-0530
Administer VLANs from Trusted Security Domains
ISM-0534
Disable Unused Network Device Ports
ISM-0535
Prevent VLAN Trunk Sharing Across Security Domains
ISM-1006
Prevent Unauthorised Access to Network Traffic
ISM-1028
Use NIDS/NIPS for Gateway Network Security
ISM-1030
Deploy NIDS/NIPS for Gateway Traffic Monitoring
ISM-1178
Limit Network Documentation for Third Parties
ISM-1181
Segregate Networks by Server Criticality
ISM-1182
Implement Network Traffic Control Measures
ISM-1186
Ensure IPv6 Network Security Appliances Are Used
ISM-1304
Secure Network Devices by Changing Default Credentials
ISM-1311
Prevent Use of Insecure SNMP Versions on Networks
ISM-1312
Changing Default SNMP Community Strings on Devices
ISM-1364
Separate VLANs by Security Domains
ISM-1428
Disable IPv6 Tunnelling Unless Necessary
ISM-1430
Configure IPv6 Addresses with DHCPv6 in Stateful Mode
ISM-1479
Minimise Server-to-Server Communication
ISM-1532
Avoid Using VLANs for Network Separation
ISM-1577
Ensure Network Segregation from Service Providers
ISM-1627
Block Inbound Traffic from Anonymity Networks
ISM-1628
Prevent Anonymity Network Traffic in Outbound Connections
ISM-1782
Use Protective DNS to Block Malicious Domains
ISM-1800
Ensure Network Devices Have Trusted Firmware
ISM-1863
Restrict Exposure of Network Management Interfaces
ISM-1912
Document Device Settings for Critical and High-Value Servers
ISM-1962
Disable SMBv1 Protocol on Networks
ISM-1963
Central Logging of Events on Internet-Facing Devices
ISM-1964
Central Logging for Network Device Events
ISM-2068
Restrict Internet Access for Networked Devices
Service continuity for online services
ISM-1431
Strategies for Mitigating Denial-of-Service Attacks
ISM-1432
Protect Online Services from Domain Hijacking
ISM-1436
Segregate Critical Services to Prevent DoS Attacks
ISM-1437
Utilising Cloud Providers for Hosting Online Services
ISM-1438
Ensure High Availability by Using CDNs
ISM-1439
Restrict IP Disclosure in CDNs
ISM-1580
Ensure High Availability for Online Services
ISM-1581
Monitor Capacity and Availability of Online Services
Wireless networks
ISM-1013
Limit Wireless Range with RF Shielding
ISM-1314
Ensure Wireless Devices are Wi-Fi Alliance Certified
ISM-1315
Disable Wireless Network Administrative Interfaces
ISM-1316
Ensure Default Wireless SSIDs Are Changed
ISM-1317
Secure Naming of Non-Public Wireless Networks
ISM-1318
Prevent SSID Broadcasting on Access Points
ISM-1319
Avoid Static IP Addressing on Wireless Networks
ISM-1320
Avoid Using MAC Filtering for Wireless Access Control
ISM-1321
Implement EAP-TLS for Secure Wireless Authentication
ISM-1322
Assessing 802.1X Components in Wireless Networks
ISM-1323
Requiring Certificates for Wireless Network Access
ISM-1324
Certificate Generation for Secure Authentication
ISM-1327
Secure Certificates for Network Authentication
ISM-1330
Limit PMK Caching Duration on Wireless Networks
ISM-1332
Ensure Wireless Traffic is Secure with WPA3-Enterprise
ISM-1334
Ensure Frequency Separation in Wireless Networks
ISM-1335
Enabling 802.11w to Protect Wireless Management Frames
ISM-1338
Use Lower-Powered Wireless Access Points for Coverage
ISM-1454
Enhancing Security with Encrypted RADIUS Communications
ISM-1710
Secure Default Settings for Wireless Access Points
ISM-1711
Ensure User Identity Confidentiality in EAP-TLS
ISM-1712
Ensure Secure Authenticator Communication for Wireless FT