Topic

While travelling overseas with mobile devices

Applicable to

all

History

Priority

must

Sep 2023

Personnel report the potential compromise of mobile devices, removable media or credentials to their organisation as soon as possible, especially if they: • provide credentials to foreign government officials • decrypt mobile devices for foreign government officials • have mobile devices taken out of sight by foreign government officials • have mobile devices or removable media stolen, including if later returned • lose mobile devices or removable media, including if later found • observe unusual behaviour of mobile devices.

The existing control relating to travelling overseas with mobile devices was amended to note that stolen or lost mobile devices or removable media should still be reported as a potential compromise even if they are not later returned or found.

Dec 2021

Personnel report the potential compromise of mobile devices, removable media or credentials to their organisation as soon as possible, especially if they: • provide credentials to foreign government officials • decrypt mobile devices for foreign government officials • have mobile devices taken out of sight by foreign government officials • have mobile devices or removable media stolen that are later returned • lose mobile devices or removable media that are later found • observe unusual behaviour of mobile devices.

Miscellaneous changes were made to rationale and security controls throughout the publication. This included:

• A review from the Using the Information Security Manual chapter through to the Guidelines for Media chapter.

• Security controls suitable for all audiences have been identified with the ‘All’ applicability marking while additional security controls suitable for just government audiences have been identified with the O, P, S and TS applicability markings.

• Security controls suitable for specific classifications have been amended to include their classification(s) in the wording of the security controls to reduce the reliance on applicability markings to confer suitability.

• Tables in security controls have been converted into prose to allow for inclusion in the SSP annex template and the XML list of security controls.

• The use of ‘official’ and ‘highly classified’ terminology has been replaced with specific classifications to remove ambiguity.

• Security controls relating to high assurance ICT equipment have had their applicability narrowed to ‘S, TS’ reflecting that they are intended for the protection of SECRET and TOP SECRET systems and data.

Oct 2019

Personnel report the potential compromise of mobile devices, media or credentials to their organisation as soon as possible, especially if they: § provide credentials, decrypt devices or have devices taken out of sight by foreign government officials § have devices or media stolen that are later returned § loose devices or media that are later found § observe unusual behaviour of devices.

Security control 1088 was modified to align with advice within the ACSC’s Travelling Overseas with Electronic Devices publication.

Sep 2019

If personnel are requested to decrypt mobile devices for inspection by customs personnel, or their devices leave their possession at any time, they report the potential compromise of information to their organisation as soon as possible.

2015

If personnel are requested to decrypt mobile devices for inspection by customs personnel,or their mobile device leaves their possession at any time, they must report the potentialcompromise of information on the device to an ITSM as soon as possible.

2010

If personnel are requested to decrypt mobile devices for inspection by customs personnel, or their mobiledevice is taken out of sight by customs personnel, then the member must report the potential compromiseof information or the device to an ITSM as soon as possible.