ISM-0678

When exporting AUSTEO or AGAO data from a system, keyword searches are undertaken on all textual data and any identified data is quarantined until reviewed and approved for release by a trusted source other than the originator.

Topic
Preventing export of highly sensitive data to foreign systems
Applicable to
Secret, Top Secret

History

Priority
must
Mar 2022
Removed
The existing recommendation to conduct keyword searches on all textual data when exporting AUSTEO or AGAO data from a system (ISM-0678) was merged into the overarching recommendation to establish processes and procedures to prevent AUSTEO and AGAO data in both textual and non-textual forms from being exported to foreign systems (ISM-1535). In addition, the recommendation to prevent the export of REL data has also been included to prevent export to specific foreign systems that it is not authorised to be exported to.
Dec 2021
When exporting AUSTEO or AGAO data from a system, keyword searches are undertaken on all textual data and any identified data is quarantined until reviewed and approved for release by a trusted source other than the originator.
Miscellaneous changes were made to rationale and security controls throughout the publication. This included:
• A review from the Using the Information Security Manual chapter through to the Guidelines for Media chapter.
• Security controls suitable for all audiences have been identified with the ‘All’ applicability marking while additional security controls suitable for just government audiences have been identified with the O, P, S and TS applicability markings.
• Security controls suitable for specific classifications have been amended to include their classification(s) in the wording of the security controls to reduce the reliance on applicability markings to confer suitability.
• Tables in security controls have been converted into prose to allow for inclusion in the SSP annex template and the XML list of security controls.
• The use of ‘official’ and ‘highly classified’ terminology has been replaced with specific classifications to remove ambiguity.
• Security controls relating to high assurance ICT equipment have had their applicability narrowed to ‘S, TS’ reflecting that they are intended for the protection of SECRET and TOP SECRET systems and data.
2017
When exporting data from an AUSTEO or AGAO system, the following additional activities must be undertaken:
• ensure that keyword searches are performed on all textual data
• ensure that any identified data is quarantined until reviewed and approved for release by a trusted source other than the originator
• develop procedures to prevent AUSTEO and AGAO information in both textual and non-textual formats from being exported.
Control text changed. No public explanation.
2015
When exporting data from an AUSTEO or AGAO system, the following additional activities must be undertaken:
• ensure that keyword searches are performed on all textual data
• ensure that any identified data is quarantined until reviewed and approved for release by a trusted source other than the originator
• develop procedures to prevent AUSTEO and AGAO information in both textual and non–textual formats from being exported.
2010
Agencies must:
• ensure keyword searches are performed on all textual data
• ensure any identified data is quarantined until reviewed and approved for release by a trusted source other than the originator
• develop procedures to prevent AUSTEO and AGAO information in both textual and non-textual formats from being exported.
2008
Agencies must:
a. ensure that keyword searches are performed on all textual data
b. ensure any identified data is quarantined until reviewed and approved for release by a trusted source other than the originator
c. develop procedures to prevent AUSTEO or AGAO information in both textual and non-textual formats from being exported
d. implement data filtering performed by a product with at least an EAL2 level of assurance that has been specifically evaluated for that purpose.