Guidelines for security assurance
35 controls in this part of theInformation Security Manual (ISM). Each control links to plain-English guidance, audit tips and cross-framework mappings.
Security assessments
ISM-1698
Daily Vulnerability Scanning for Missing Updates
ISM-1699
Weekly Vulnerability Scanning for Software Updates
ISM-1700
Regular Vulnerability Scanning for Applications
ISM-1701
Daily Vulnerability Scanning for Internet-Facing Systems
ISM-1702
Regularly Scan for Missing Security Patches
ISM-1703
Regular Vulnerability Scanning for Missing Patches
ISM-1752
Fortnightly Vulnerability Scanning for Non-Workstations
ISM-1807
Automated Asset Discovery for Vulnerability Scanning
ISM-1808
Vulnerability Scanning with Updated Tools
ISM-1900
Fortnightly System Vulnerability Scanning
ISM-1921
Assess System Compromise Risks Often
Security Assessments
Security monitoring
ISM-0585
Capture Detailed Information in Event Logs
ISM-0988
Ensure Accurate Time Source for Event Logs
ISM-1228
Analyse Cyber Security Events Promptly
ISM-1405
Implement a Centralised Event Logging Facility
ISM-1815
Protect Event Logs from Unauthorised Access
ISM-1906
Timely Analysis of Internet-Facing Server Logs
ISM-1907
Timely Analysis of Non-Internet-Server Logs
ISM-1959
Ensure Consistent Formatting for Event Logs
ISM-1960
Timely Analysis of Event Logs for Cybersecurity
ISM-1961
Timely Analysis of Network Device Event Logs
ISM-1985
Protect Event Logs from Unauthorised Access
ISM-1986
Timely Analysis of Critical Server Event Logs
ISM-1987
Timely Analysis of Security Event Logs
ISM-1988
Ensure Event Logs Are Retained for 12 Months
ISM-1989
Ensure Event Logs Meet Retention Requirements
Security Monitoring
ISM-0109
Timely Analysis of Workstation Event Logs
ISM-0120
Access to Tools for Detecting Security Events
ISM-0580
Develop, Implement and Maintain a Security Monitoring Policy
ISM-1983
Log Events Sent to Centralised Facility Quickly
ISM-1984
Encrypt Event Logs in Transit Using ASD Cryptography
ISM-2116
Use Cyber Threat Intelligence for Event Detection
ISM-2117
AI Models Augment Cyber Security Event Detection
Back to the full ACSC ISM control list, or browse the complete control library.