Guidelines for Outsourcing
Information technology and cloud services
The content was modified to include a reference to the ACSC’s new Identifying Cyber Supply Chain Risks publication.
Further information on cyber supply chain risk management can be found in the ACSC’s Cyber Supply Chain Risk Management publication at https://www.cyber.gov.au/acsc/view-all-content/publications/cyber-supply-chain-risk-management and the Identifying Cyber Supply Chain Risks publication at https://www.cyber.gov.au/acsc/view-all-content/publications/identifying-cyber-supply-chain-risks.
Guidelines for Networking
Network design and configuration
The content was modified to include a reference to the ACSC’s two new publications on Domain Name Systems.
Further information on Domain Name Systems can be found in the ACSC’s Domain Name System Security for Domain Owners publication at https://www.cyber.gov.au/acsc/view-all-content/publications/domain-name-system-security-domain-owners and the Domain Name System Security for Domain Resolvers publication at https://www.cyber.gov.au/acsc/view-all-content/publications/domain-name-system-security-domain-resolvers.
Please note: There is no requirement for organisations to be compliant with every monthly update to the Australian Government Information Security Manual (ISM). Instead, organisations are encouraged to review the security risks for their systems (using the latest version of the ISM available at the time) based on a frequency suitable for their business requirements and in accordance with their corporate risk management framework. Further information on applying the ISM can be found in the Using the Australian Government Information Security Manual chapter.