Information and Communications Technology Security Manual

From The Secure Arc Wiki

Jump to: navigation, search

ACSI-33 is delivered by the Australian Government DSD (Defence Signals Directorate), and is referred to as the Information and Communications Technology Security Manual.

The Commonwealth Protective Security Manual details the minimum standards for the protection of Australian Government resources (including information, personnel and assets) that agencies must meet in their operations.

This is complemented by the policies and guidance provided in this Australian Government Information and Communications Technology Manual which provides a framework to enable government to achieve an assured information and communications technology security environment.

The following information gives a brief account of the ACSI-33 standard. Each requirement of the standard are broken down further into more specific sub-requirements that can be mapped back to both the Security Principles that drive them and the Design Patterns that satisfy them.


Standards Outline

The standard is broken down into 3 parts;

  • Part 1 - ACSI33 and ICT Security
  • Part 2 - ICT Security Governance
    • ICT Security Roles and Responsibilities
    • Security Risk Management
    • Identifying and Developing an ICT Security Policy
    • Security Documentation
    • Developing an SSP (System Security Plan)
    • Developing and Maintaining Security SOPS (Standard Operating Procedures)
    • Accrediting ICT Systems
    • Maintaining ICT Security and Managing Security Incidents
    • Reviewing ICT Security
  • Part 3 - ICT Security Standards
    • Physical Security
    • Personnel
    • ICT Product Lifecycle
    • Media and Hardware Security
    • Software Security
    • Logical Access Control
    • Active Security
    • Communications Security (COMSEC)
    • Cryptography
    • Network Security
    • Data Transfer

Standard Practice

Agencies MUST be compliant with the manual released no more than two years previously. DSD RECOMMENDS that agencies maintain compliance with the current release of the manual.

Licensing and Documentation

The license associated with the ACSI-33 standard permits public distribution or reproduction. It is available from the DSD website.


Personal tools