Information security

ISM | EPL | AISEP | IRAP

The Australian Signals Directorate’s (ASD, formerly DSD) information security function is outlined in the Intelligence Services Act 2001. As the Commonwealth authority on the security of information, ASD provides advice and other assistance to federal and state authorities on matters relating to the security and integrity of information.

Information Security Manual

ASD is responsible for producing ICT security policy and standards for government and publishes these in the Australian Government Information Security Manual (ISM, formerly ACSI 33). ASD is heavily involved in specialised information security training, policy guidance and professional forums in support of government information security. We draw widely on the expertise within ASD, and aim to add unique value to the practice of ICT security in government.

Australasian Information Security Evaluation Program and Evaluated Products List

ASD facilitates the evaluation of ICT security products for the Australian Government. The Evaluated Products List (EPL) lists ICT security products certified by the ASD-managed Australasian Information Security Evaluation Program (AISEP) for use in Australian and New Zealand government agencies. AISEP allows the security claims of ICT products to be independently assessed against internationally recognised Common Criteria (CC). Our evaluation programs include cryptographic, high assurance and cross-domain solutions.

Emanation security and cryptography

The Emanation Security Program sets out the requirements for government and industry agencies to be formally recognised by the national authority, ASD, to conduct emanation security practices to national standards.

ASD advises the Australian Government on high-grade cryptographic equipment and cryptographic modernisation. We make sure Australia is at the forefront of cryptology by keeping abreast of emerging equipment and technologies.

Countering the threat to the security of government information requires ASD to work closely with the ICT industry to deliver threat and vulnerability information and help ASD build capability and expand its capacity to secure government ICT.

Cyber security

Our Cyber Security Operations Centre (CSOC) has two main roles. It provides government with a comprehensive understanding of sophisticated cyber threats against Australian interests, in addition to coordinating and assisting operational responses to cyber events of national importance across government and systems of national importance. Its services revolve around ICT security incident response, ICT system forensics and specialist assistance, vulnerability assessments, education and awareness. ASD’s expertise is used to identify and help mitigate vulnerabilities within Australian government systems and the National Information Infrastructure.

Finally, ASD participates in whole-of-government efforts to promote cyber security to all Australians. Our Strategies to Mitigate Targeted Cyber Intrusions emphasises the importance of keeping software up to date to minimise the opportunities for criminals to steal or misuse your information. The CyberSense video shows some of these threats.