Mobile devices that access SECRET or TOP SECRET systems or data use mobile platforms that have been issued an Approval for Use by ASD and are operated in accordance with the latest version of their associated Australian Communications Security Instruction.
Topic
Approved mobile platforms
Applicable to
Secret, Top Secret
History
Priority
must not
Sep 2023
Mobile devices that access SECRET or TOP SECRET systems or data use mobile platforms that have been issued an Approval for Use by ASD and are operated in accordance with the latest version of their associated Australian Communications Security Instruction.
The existing control relating to mobile devices not accessing SECRET or TOP SECRET systems or data unless approved by ASD was amended to clearly articulate that approval by ASD constitutes the issuing of an Approval for Use (AFU) by ASD and operation in accordance with the latest version of their associated Australian Communications Security Instruction.
Sep 2022
Mobile devices do not process, store or communicate SECRET or TOP SECRET data until approved for use by ASD.
Language associated with ‘approved for use by the ACSC’ was amended to ‘approved for use by ASD’ noting that ASD issues ‘approval for use’ for cryptographic equipment.
Dec 2021
Mobile devices do not process, store or communicate SECRET or TOP SECRET data until approved for use by the ACSC.
Miscellaneous changes were made to rationale and security controls throughout the publication. This included:
• A review from the Using the Information Security Manual chapter through to the Guidelines for Media chapter.
• Security controls suitable for all audiences have been identified with the ‘All’ applicability marking while additional security controls suitable for just government audiences have been identified with the O, P, S and TS applicability markings.
• Security controls suitable for specific classifications have been amended to include their classification(s) in the wording of the security controls to reduce the reliance on applicability markings to confer suitability.
• Tables in security controls have been converted into prose to allow for inclusion in the SSP annex template and the XML list of security controls.
• The use of ‘official’ and ‘highly classified’ terminology has been replaced with specific classifications to remove ambiguity.
• Security controls relating to high assurance ICT equipment have had their applicability narrowed to ‘S, TS’ reflecting that they are intended for the protection of SECRET and TOP SECRET systems and data.
2015
Agencies must not allow mobile devices to process or store TOP SECRET information unlessexplicitly approved by ASD to do so.
2010
Agencies must not allow mobile devices to process or store TOP SECRET information unless explicitlyapproved by DSD to do so.